diff options
5 files changed, 41 insertions, 0 deletions
diff --git a/activemodel/lib/active_model.rb b/activemodel/lib/active_model.rb index 40c48731a7..f757ba9843 100644 --- a/activemodel/lib/active_model.rb +++ b/activemodel/lib/active_model.rb @@ -37,6 +37,7 @@ module ActiveModel autoload :ForbiddenAttributesProtection autoload :Lint autoload :Model + autoload :DeprecatedMassAssignmentSecurity autoload :Name, 'active_model/naming' autoload :Naming autoload :Observer, 'active_model/observing' diff --git a/activemodel/lib/active_model/deprecated_mass_assignment_security.rb b/activemodel/lib/active_model/deprecated_mass_assignment_security.rb new file mode 100644 index 0000000000..16b8466e55 --- /dev/null +++ b/activemodel/lib/active_model/deprecated_mass_assignment_security.rb @@ -0,0 +1,19 @@ +module ActiveModel + module DeprecatedMassAssignmentSecurity + extend ActiveSupport::Concern + + module ClassMethods + def attr_protected(*args) + raise "`attr_protected` is extracted out of Rails into a gem. " \ + "Please use new recommended protection model for params " \ + "or add `protected_attributes` to your Gemfile to use old one." + end + + def attr_accessible(*args) + raise "`attr_accessible` is extracted out of Rails into a gem. " \ + "Please use new recommended protection model for params " \ + "or add `protected_attributes` to your Gemfile to use old one." + end + end + end +end diff --git a/activemodel/test/cases/deprecated_mass_assignment_security_test.rb b/activemodel/test/cases/deprecated_mass_assignment_security_test.rb new file mode 100644 index 0000000000..c1fe8822cd --- /dev/null +++ b/activemodel/test/cases/deprecated_mass_assignment_security_test.rb @@ -0,0 +1,16 @@ +require 'cases/helper' +require 'models/project' + +class DeprecatedMassAssignmentSecurityTest < ActiveModel::TestCase + def test_attr_accessible_raise_error + assert_raise RuntimeError, /protected_attributes/ do + Project.attr_accessible :username + end + end + + def test_attr_protected_raise_error + assert_raise RuntimeError, /protected_attributes/ do + Project.attr_protected :username + end + end +end diff --git a/activemodel/test/models/project.rb b/activemodel/test/models/project.rb new file mode 100644 index 0000000000..581b6dc0b3 --- /dev/null +++ b/activemodel/test/models/project.rb @@ -0,0 +1,3 @@ +class Project + include ActiveModel::DeprecatedMassAssignmentSecurity +end diff --git a/activerecord/lib/active_record/attribute_assignment.rb b/activerecord/lib/active_record/attribute_assignment.rb index c30443f7a8..f11ca941c4 100644 --- a/activerecord/lib/active_record/attribute_assignment.rb +++ b/activerecord/lib/active_record/attribute_assignment.rb @@ -1,6 +1,8 @@ module ActiveRecord module AttributeAssignment + extend ActiveSupport::Concern + include ActiveModel::DeprecatedMassAssignmentSecurity include ActiveModel::ForbiddenAttributesProtection # Allows you to set all the attributes at once by passing in a hash with keys |