aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/permitted_params_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller/permitted_params_test.rb')
-rw-r--r--actionpack/test/controller/permitted_params_test.rb27
1 files changed, 27 insertions, 0 deletions
diff --git a/actionpack/test/controller/permitted_params_test.rb b/actionpack/test/controller/permitted_params_test.rb
new file mode 100644
index 0000000000..caac88ffb2
--- /dev/null
+++ b/actionpack/test/controller/permitted_params_test.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+
+class PeopleController < ActionController::Base
+ def create
+ render plain: params[:person].permitted? ? "permitted" : "forbidden"
+ end
+
+ def create_with_permit
+ render plain: params[:person].permit(:name).permitted? ? "permitted" : "forbidden"
+ end
+end
+
+class ActionControllerPermittedParamsTest < ActionController::TestCase
+ tests PeopleController
+
+ test "parameters are forbidden" do
+ post :create, params: { person: { name: "Mjallo!" } }
+ assert_equal "forbidden", response.body
+ end
+
+ test "parameters can be permitted and are then not forbidden" do
+ post :create_with_permit, params: { person: { name: "Mjallo!" } }
+ assert_equal "permitted", response.body
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 21:11:20 +0000