diff options
| author | bogdanvlviv <bogdanvlviv@gmail.com> | 2019-01-17 20:10:01 +0000 |
|---|---|---|
| committer | bogdanvlviv <bogdanvlviv@gmail.com> | 2019-01-17 20:10:01 +0000 |
| commit | 6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b (patch) | |
| tree | ec16165424d31dd24f364bf28591cbee63b06a54 /activerecord | |
| parent | 2dee59fed1e78b983aed4db53dc8fc59e49b9200 (diff) | |
| download | rails-6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b.tar.gz rails-6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b.tar.bz2 rails-6410c70f7caa5045e2f12ebd7aab8d8b6d3e6a0b.zip | |
Ensure that AR::Relation#exists? allows only permitted params
Clarify changelog entry
Related to #34891
Diffstat (limited to 'activerecord')
| -rw-r--r-- | activerecord/CHANGELOG.md | 8 | ||||
| -rw-r--r-- | activerecord/test/cases/finder_test.rb | 8 | ||||
| -rw-r--r-- | activerecord/test/support/stubs/strong_parameters.rb | 8 |
3 files changed, 17 insertions, 7 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index e987a0e279..508ad4c204 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,10 +1,10 @@ -* Set polymorphic type column to NULL on `dependent: :nullify` strategy. - +* Set polymorphic type column to NULL on `dependent: :nullify` strategy. + On polymorphic associations both the foreign key and the foreign type columns will be set to NULL. - + *Laerti Papa* -* Allow `ActionController::Params` as argument of `ActiveRecord::Base#exists?`. +* Allow permitted instance of `ActionController::Parameters` as argument of `ActiveRecord::Relation#exists?`. *Gannon McGibbon* diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb index 1c53362bac..b8ce11a791 100644 --- a/activerecord/test/cases/finder_test.rb +++ b/activerecord/test/cases/finder_test.rb @@ -226,11 +226,15 @@ class FinderTest < ActiveRecord::TestCase end def test_exists_with_strong_parameters - assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo")) + assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo").permit!) Subscriber.create!(nick: "foo") - assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo")) + assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo").permit!) + + assert_raises(ActiveModel::ForbiddenAttributesError) do + Subscriber.exists?(Parameters.new(nick: "foo")) + end end def test_exists_passing_active_record_object_is_not_permitted diff --git a/activerecord/test/support/stubs/strong_parameters.rb b/activerecord/test/support/stubs/strong_parameters.rb index acba3a4504..84f93a28b9 100644 --- a/activerecord/test/support/stubs/strong_parameters.rb +++ b/activerecord/test/support/stubs/strong_parameters.rb @@ -3,10 +3,16 @@ class Parameters def initialize(parameters = {}) @parameters = parameters.with_indifferent_access + @permitted = false end def permitted? - true + @permitted + end + + def permit! + @permitted = true + self end def to_h |