Merge pull request #7251 from rails/integrate-strong_parameters

Integrate strong_parameters in Rails 4
author: David Heinemeier Hansson <david@loudthinking.com> 2012-09-18 12:33:13 -0700
committer: David Heinemeier Hansson <david@loudthinking.com> 2012-09-18 12:33:13 -0700
commit: c49d959e9d40101f1712a452004695f4ce27d84c (patch)
tree: f87077668c14ed414e3d819212b0813e74551c8f /railties/test/application
parent: ade701045f0f80399d99151e5583d4f86c68678e (diff)
parent: 3919fcd61ef999aab9397332ce3017870b184766 (diff)
download: rails-c49d959e9d40101f1712a452004695f4ce27d84c.tar.gz
rails-c49d959e9d40101f1712a452004695f4ce27d84c.tar.bz2
rails-c49d959e9d40101f1712a452004695f4ce27d84c.zip
2 files changed, 22 insertions, 14 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 428c90afd0..d014e5e362 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -358,19 +358,6 @@ module ApplicationTests
       assert_equal "utf-16", ActionDispatch::Response.default_charset
     end
 
-    test "sets all Active Record models to whitelist all attributes by default" do
-      add_to_config <<-RUBY
-        config.active_record.whitelist_attributes = true
-      RUBY
-
-      require "#{app_path}/config/environment"
-
-      klass = Class.new(ActiveRecord::Base)
-
-      assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class
-      assert_equal [], klass.active_authorizers[:default].to_a
-    end
-
     test "registers interceptors with ActionMailer" do
       add_to_config <<-RUBY
         config.action_mailer.interceptors = MyMailInterceptor
@@ -595,6 +582,28 @@ module ApplicationTests
       assert_equal '{"title"=>"foo"}', last_response.body
     end
 
+    test "config.action_controller.permit_all_parameters = true" do
+      app_file 'app/controllers/posts_controller.rb', <<-RUBY
+      class PostsController < ActionController::Base
+        def create
+          render :text => params[:post].permitted? ? "permitted" : "forbidden"
+        end
+      end
+      RUBY
+
+      add_to_config <<-RUBY
+        routes.prepend do
+          resources :posts
+        end
+        config.action_controller.permit_all_parameters = true
+      RUBY
+
+      require "#{app_path}/config/environment"
+
+      post "/posts", {:post => {"title" =>"zomg"}}
+      assert_equal 'permitted', last_response.body
+    end
+
     test "config.action_dispatch.ignore_accept_header" do
       make_basic_app do |app|
         app.config.action_dispatch.ignore_accept_header = true
diff --git a/railties/test/application/loading_test.rb b/railties/test/application/loading_test.rb
index e0286502f3..fcbc3c048c 100644
--- a/railties/test/application/loading_test.rb
+++ b/railties/test/application/loading_test.rb
@@ -20,7 +20,6 @@ class LoadingTest < ActiveSupport::TestCase
     app_file "app/models/post.rb", <<-MODEL
       class Post < ActiveRecord::Base
         validates_acceptance_of :title, :accept => "omg"
-        attr_accessible :title
       end
     MODEL
author	David Heinemeier Hansson <david@loudthinking.com>	2012-09-18 12:33:13 -0700
committer	David Heinemeier Hansson <david@loudthinking.com>	2012-09-18 12:33:13 -0700
commit	c49d959e9d40101f1712a452004695f4ce27d84c (patch)
tree	f87077668c14ed414e3d819212b0813e74551c8f /railties/test/application
parent	ade701045f0f80399d99151e5583d4f86c68678e (diff)
parent	3919fcd61ef999aab9397332ce3017870b184766 (diff)
download	rails-c49d959e9d40101f1712a452004695f4ce27d84c.tar.gz rails-c49d959e9d40101f1712a452004695f4ce27d84c.tar.bz2 rails-c49d959e9d40101f1712a452004695f4ce27d84c.zip