aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord
diff options
context:
space:
mode:
authorbogdanvlviv <bogdanvlviv@gmail.com>2019-01-17 20:10:01 +0000
committerbogdanvlviv <bogdanvlviv@gmail.com>2019-01-17 20:10:01 +0000
commit6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b (patch)
treeec16165424d31dd24f364bf28591cbee63b06a54 /activerecord
parent2dee59fed1e78b983aed4db53dc8fc59e49b9200 (diff)
downloadrails-6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b.tar.gz
rails-6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b.tar.bz2
rails-6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b.zip
Ensure that AR::Relation#exists? allows only permitted params
Clarify changelog entry Related to #34891
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/CHANGELOG.md8
-rw-r--r--activerecord/test/cases/finder_test.rb8
-rw-r--r--activerecord/test/support/stubs/strong_parameters.rb8
3 files changed, 17 insertions, 7 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index e987a0e279..508ad4c204 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,10 +1,10 @@
-* Set polymorphic type column to NULL on `dependent: :nullify` strategy.
-
+* Set polymorphic type column to NULL on `dependent: :nullify` strategy.
+
On polymorphic associations both the foreign key and the foreign type columns will be set to NULL.
-
+
*Laerti Papa*
-* Allow `ActionController::Params` as argument of `ActiveRecord::Base#exists?`.
+* Allow permitted instance of `ActionController::Parameters` as argument of `ActiveRecord::Relation#exists?`.
*Gannon McGibbon*
diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb
index 1c53362bac..b8ce11a791 100644
--- a/activerecord/test/cases/finder_test.rb
+++ b/activerecord/test/cases/finder_test.rb
@@ -226,11 +226,15 @@ class FinderTest < ActiveRecord::TestCase
end
def test_exists_with_strong_parameters
- assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo"))
+ assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo").permit!)
Subscriber.create!(nick: "foo")
- assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo"))
+ assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo").permit!)
+
+ assert_raises(ActiveModel::ForbiddenAttributesError) do
+ Subscriber.exists?(Parameters.new(nick: "foo"))
+ end
end
def test_exists_passing_active_record_object_is_not_permitted
diff --git a/activerecord/test/support/stubs/strong_parameters.rb b/activerecord/test/support/stubs/strong_parameters.rb
index acba3a4504..84f93a28b9 100644
--- a/activerecord/test/support/stubs/strong_parameters.rb
+++ b/activerecord/test/support/stubs/strong_parameters.rb
@@ -3,10 +3,16 @@
class Parameters
def initialize(parameters = {})
@parameters = parameters.with_indifferent_access
+ @permitted = false
end
def permitted?
- true
+ @permitted
+ end
+
+ def permit!
+ @permitted = true
+ self
end
def to_h