Merge pull request #15933 from rafael/master

Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-06-27 18:11:31 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-06-27 18:16:52 -0300
commit: ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1 (patch)
tree: f247087c0de5d26adaefb5e109118d658735fc3e /railties/test/application
parent: 67d7dfd082ba395bca5d937d039f50965dfc03ab (diff)
parent: 58399e1dc3e40b0f6cf8f5da31d694267afdf328 (diff)
download: rails-ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1.tar.gz
rails-ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1.tar.bz2
rails-ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1.zip
1 files changed, 38 insertions, 0 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 207a0c7e86..17b406f6a3 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -714,6 +714,44 @@ module ApplicationTests
       assert_match "We're sorry, but something went wrong", last_response.body
     end
 
+    test "config.action_controller.always_permitted_parameters are: controller, action by default" do
+      require "#{app_path}/config/environment"
+      assert_equal %w(controller action), ActionController::Parameters.always_permitted_parameters
+    end
+
+    test "config.action_controller.always_permitted_parameters = ['controller', 'action', 'format']" do
+      add_to_config <<-RUBY
+        config.action_controller.always_permitted_parameters = %w( controller action format )
+      RUBY
+      require "#{app_path}/config/environment"
+      assert_equal %w( controller action format ), ActionController::Parameters.always_permitted_parameters
+    end
+
+    test "config.action_controller.always_permitted_parameters = ['controller','action','format'] does not raise exeception" do
+      app_file 'app/controllers/posts_controller.rb', <<-RUBY
+      class PostsController < ActionController::Base
+        def create
+          render text: params.permit(post: [:title])
+        end
+      end
+      RUBY
+
+      add_to_config <<-RUBY
+        routes.prepend do
+          resources :posts
+        end
+        config.action_controller.always_permitted_parameters = %w( controller action format )
+        config.action_controller.action_on_unpermitted_parameters = :raise
+      RUBY
+
+      require "#{app_path}/config/environment"
+
+      assert_equal :raise, ActionController::Parameters.action_on_unpermitted_parameters
+
+      post "/posts", {post: {"title" =>"zomg"}, format: "json"}
+      assert_equal 200, last_response.status
+    end
+
     test "config.action_controller.action_on_unpermitted_parameters is :log by default on development" do
       ENV["RAILS_ENV"] = "development"
author	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-06-27 18:11:31 -0300
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-06-27 18:16:52 -0300
commit	ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1 (patch)
tree	f247087c0de5d26adaefb5e109118d658735fc3e /railties/test/application
parent	67d7dfd082ba395bca5d937d039f50965dfc03ab (diff)
parent	58399e1dc3e40b0f6cf8f5da31d694267afdf328 (diff)
download	rails-ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1.tar.gz rails-ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1.tar.bz2 rails-ebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1.zip