diff options
| -rw-r--r-- | activemodel/test/cases/forbidden_attributes_protection_test.rb | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/activemodel/test/cases/forbidden_attributes_protection_test.rb b/activemodel/test/cases/forbidden_attributes_protection_test.rb index 680f222a30..fab28ced0e 100644 --- a/activemodel/test/cases/forbidden_attributes_protection_test.rb +++ b/activemodel/test/cases/forbidden_attributes_protection_test.rb @@ -1,22 +1,32 @@ require 'cases/helper' +require 'active_support/core_ext/hash/indifferent_access' require 'models/account' +class ProtectedParams < ActiveSupport::HashWithIndifferentAccess + attr_accessor :permitted + alias :permitted? :permitted + + def initialize(attributes) + super(attributes) + @permitted = false + end + + def permit! + @permitted = true + self + end +end + class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase test "forbidden attributes cannot be used for mass updating" do - params = { "a" => "b" } - class << params - define_method(:permitted?) { false } - end + params = ProtectedParams.new({ "a" => "b" }) assert_raises(ActiveModel::ForbiddenAttributes) do Account.new.sanitize_for_mass_assignment(params) end end test "permitted attributes can be used for mass updating" do - params = { "a" => "b" } - class << params - define_method(:permitted?) { true } - end + params = ProtectedParams.new({ "a" => "b" }).permit! assert_nothing_raised do assert_equal({ "a" => "b" }, Account.new.sanitize_for_mass_assignment(params)) |