diff options
author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-04-26 17:51:43 +0200 |
---|---|---|
committer | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-04-26 18:00:57 +0200 |
commit | bb7024b6ecbc6f379275de3a7171bd0e84d39f29 (patch) | |
tree | 51f19c4b30cf7615992ab81576e89d45b7b9f290 /activerecord | |
parent | 6e02a61f3954ba98ad0c3c36e5898a4650e6e468 (diff) | |
download | rails-bb7024b6ecbc6f379275de3a7171bd0e84d39f29.tar.gz rails-bb7024b6ecbc6f379275de3a7171bd0e84d39f29.tar.bz2 rails-bb7024b6ecbc6f379275de3a7171bd0e84d39f29.zip |
AR update_attributes api is updated to reflect the addition of assign_attributes
Diffstat (limited to 'activerecord')
-rw-r--r-- | activerecord/lib/active_record/persistence.rb | 13 | ||||
-rw-r--r-- | activerecord/test/cases/persistence_test.rb | 40 |
2 files changed, 49 insertions, 4 deletions
diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index a916c88348..998d237ada 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -136,22 +136,27 @@ module ActiveRecord # Updates the attributes of the model from the passed-in hash and saves the # record, all wrapped in a transaction. If the object is invalid, the saving # will fail and false will be returned. - def update_attributes(attributes) + # + # When updating model attributes, mass-assignment security protection is respected. + # If no +:as+ option is supplied then the :default scope will be used. + # If you want to bypass the protection given by +attr_protected+ and + # +attr_accessible+ then you can do so using the +:without_protection+ option. + def update_attributes(attributes, options = {}) # The following transaction covers any possible database side-effects of the # attributes assignment. For example, setting the IDs of a child collection. with_transaction_returning_status do - self.attributes = attributes + self.assign_attributes(attributes, options) save end end # Updates its receiver just like +update_attributes+ but calls <tt>save!</tt> instead # of +save+, so an exception is raised if the record is invalid. - def update_attributes!(attributes) + def update_attributes!(attributes, options = {}) # The following transaction covers any possible database side-effects of the # attributes assignment. For example, setting the IDs of a child collection. with_transaction_returning_status do - self.attributes = attributes + self.assign_attributes(attributes, options) save! end end diff --git a/activerecord/test/cases/persistence_test.rb b/activerecord/test/cases/persistence_test.rb index 3683e3430c..2044bc6e3f 100644 --- a/activerecord/test/cases/persistence_test.rb +++ b/activerecord/test/cases/persistence_test.rb @@ -491,6 +491,26 @@ class PersistencesTest < ActiveRecord::TestCase assert_equal "The First Topic", topic.title end + def test_update_attributes_as_admin + person = TightPerson.create + person.update_attributes({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :as => :admin) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + + def test_update_attributes_as_without_protection + person = TightPerson.create + person.update_attributes({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :without_protection => true) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + def test_update_attributes! Reply.validates_presence_of(:title) reply = Reply.find(2) @@ -512,6 +532,26 @@ class PersistencesTest < ActiveRecord::TestCase Reply.reset_callbacks(:validate) end + def test_update_attributes_as_admin + person = TightPerson.create + person.update_attributes!({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :as => :admin) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + + def test_update_attributes_as_without_protection + person = TightPerson.create + person.update_attributes!({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :without_protection => true) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + def test_destroyed_returns_boolean developer = Developer.first assert_equal false, developer.destroyed? |