diff options
Diffstat (limited to 'actionpack/test/controller/permitted_params_test.rb')
-rw-r--r-- | actionpack/test/controller/permitted_params_test.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/actionpack/test/controller/permitted_params_test.rb b/actionpack/test/controller/permitted_params_test.rb new file mode 100644 index 0000000000..caac88ffb2 --- /dev/null +++ b/actionpack/test/controller/permitted_params_test.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +require "abstract_unit" + +class PeopleController < ActionController::Base + def create + render plain: params[:person].permitted? ? "permitted" : "forbidden" + end + + def create_with_permit + render plain: params[:person].permit(:name).permitted? ? "permitted" : "forbidden" + end +end + +class ActionControllerPermittedParamsTest < ActionController::TestCase + tests PeopleController + + test "parameters are forbidden" do + post :create, params: { person: { name: "Mjallo!" } } + assert_equal "forbidden", response.body + end + + test "parameters can be permitted and are then not forbidden" do + post :create_with_permit, params: { person: { name: "Mjallo!" } } + assert_equal "permitted", response.body + end +end |