authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-06-27 18:11:31 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-06-27 18:16:52 -0300
commitebdedaec32957d5dd81b15e0cf1b60d3f5ccbcb1 (patch)
treef247087c0de5d26adaefb5e109118d658735fc3e /railties
parent67d7dfd082ba395bca5d937d039f50965dfc03ab (diff)
parent58399e1dc3e40b0f6cf8f5da31d694267afdf328 (diff)
Merge pull request #15933 from rafael/master
Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
Diffstat (limited to 'railties')
-rw-r--r--railties/test/application/configuration_test.rb38
1 files changed, 38 insertions, 0 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 207a0c7e86..17b406f6a3 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -714,6 +714,44 @@ module ApplicationTests
assert_match "We're sorry, but something went wrong", last_response.body
end
+ test "config.action_controller.always_permitted_parameters are: controller, action by default" do
+ require "#{app_path}/config/environment"
+ assert_equal %w(controller action), ActionController::Parameters.always_permitted_parameters
+ end
+
+ test "config.action_controller.always_permitted_parameters = ['controller', 'action', 'format']" do
+ add_to_config <<-RUBY
+ config.action_controller.always_permitted_parameters = %w( controller action format )
+ RUBY
+ require "#{app_path}/config/environment"
+ assert_equal %w( controller action format ), ActionController::Parameters.always_permitted_parameters
+ end
+
+ test "config.action_controller.always_permitted_parameters = ['controller','action','format'] does not raise exeception" do
+ app_file 'app/controllers/posts_controller.rb', <<-RUBY
+ class PostsController < ActionController::Base
+ def create
+ render text: params.permit(post: [:title])
+ end
+ end
+ RUBY
+
+ add_to_config <<-RUBY
+ routes.prepend do
+ resources :posts
+ end
+ config.action_controller.always_permitted_parameters = %w( controller action format )
+ config.action_controller.action_on_unpermitted_parameters = :raise
+ RUBY
+
+ require "#{app_path}/config/environment"
+
+ assert_equal :raise, ActionController::Parameters.action_on_unpermitted_parameters
+
+ post "/posts", {post: {"title" =>"zomg"}, format: "json"}
+ assert_equal 200, last_response.status
+ end
+
test "config.action_controller.action_on_unpermitted_parameters is :log by default on development" do
ENV["RAILS_ENV"] = "development"
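Review bot: The third added test (`... does not raise exeception`) pins only the accepting path: with `format` on the list and `action_on_unpermitted_parameters = :raise` the POST returns 200, and no request in the three new tests carries a top-level key that is off the list. Because this option widens a strong-parameters allow-list, a negative control is worth adding so the test cannot pass with the check effectively switched off. For example, a second request with a constructed extra key, `post "/posts", {post: {"title" => "zomg"}, format: "json", extra: "1"}`, should be asserted to fail, either with `assert_raises(ActionController::UnpermittedParameters)` or with a non-200 status, depending on how this harness surfaces controller exceptions (not visible here). The test name also misspells "exception", and the enclosing test class starts outside this hunk.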