diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2007-05-29 20:35:46 +0000 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2007-05-29 20:35:46 +0000 |
commit | af98d883b91aad78cd8183f8abbdf27bd740ff66 (patch) | |
tree | bdecff2fab52766af3dde2d752d716b85446e9f6 /activerecord | |
parent | 32b307bc32e12626b0e6ae493cc3ab34b4c5ea37 (diff) | |
download | rails-af98d883b91aad78cd8183f8abbdf27bd740ff66.tar.gz rails-af98d883b91aad78cd8183f8abbdf27bd740ff66.tar.bz2 rails-af98d883b91aad78cd8183f8abbdf27bd740ff66.zip |
Raise an exception if both attr_protected and attr_accessible are declared. Closes #8507, #6004.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6896 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord')
-rw-r--r-- | activerecord/CHANGELOG | 2 | ||||
-rwxr-xr-x | activerecord/lib/active_record/base.rb | 2 | ||||
-rwxr-xr-x | activerecord/test/base_test.rb | 12 |
3 files changed, 16 insertions, 0 deletions
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG index 0ae8cbdd93..945c2238df 100644 --- a/activerecord/CHANGELOG +++ b/activerecord/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Raise an exception if both attr_protected and attr_accessible are declared. #8507 [stellsmi] + * SQLite, MySQL, PostgreSQL, Oracle: quote column names in column migration SQL statements. #8466 [marclove, lorenjohnson] * Allow nil serialized attributes with a set class constraint. #7293 [sandofsky] diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 36775d74b5..931afa61ba 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -2164,6 +2164,8 @@ module ActiveRecord #:nodoc: attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } elsif self.class.accessible_attributes.nil? attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } + else + raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both." end end diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb index 3171e75bac..d74a7b82b5 100755 --- a/activerecord/test/base_test.rb +++ b/activerecord/test/base_test.rb @@ -53,6 +53,12 @@ class Task < ActiveRecord::Base attr_protected :starting end +class TopicWithProtectedContentAndAccessibleAuthorName < ActiveRecord::Base + self.table_name = 'topics' + attr_accessible :author_name + attr_protected :content +end + class BasicsTest < Test::Unit::TestCase fixtures :topics, :companies, :developers, :projects, :computers, :accounts @@ -771,6 +777,12 @@ class BasicsTest < Test::Unit::TestCase assert_raise(ActiveRecord::RecordInvalid) { reply.update_attributes!(:title => nil, :content => "Have a nice evening") } end + def test_mass_assignment_should_raise_exception_if_accessible_and_protected_attribute_writers_are_both_used + topic = TopicWithProtectedContentAndAccessibleAuthorName.new + assert_raises(RuntimeError) { topic.attributes = { "author_name" => "me" } } + assert_raises(RuntimeError) { topic.attributes = { "content" => "stuff" } } + end + def test_mass_assignment_protection firm = Firm.new firm.attributes = { "name" => "Next Angle", "rating" => 5 } |