aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security/sanitizer_test.rb')
-rw-r--r--activemodel/test/cases/mass_assignment_security/sanitizer_test.rb13
1 files changed, 5 insertions, 8 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
index 9a73a5ad91..8547694c24 100644
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -4,24 +4,21 @@ require 'active_support/core_ext/object/inclusion'
class SanitizerTest < ActiveModel::TestCase
- class SanitizingAuthorizer
- include ActiveModel::MassAssignmentSecurity::Sanitizer
-
- attr_accessor :logger
+ class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
def deny?(key)
key.in?(['admin'])
end
-
end
def setup
- @sanitizer = SanitizingAuthorizer.new
+ @sanitizer = ActiveModel::MassAssignmentSecurity::DefaultSanitizer.new
+ @authorizer = Authorizer.new
end
test "sanitize attributes" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- attributes = @sanitizer.sanitize(original_attributes)
+ attributes = @sanitizer.sanitize(original_attributes, @authorizer)
assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
assert !attributes.key?('admin'), "Denied key should be rejected"
@@ -31,7 +28,7 @@ class SanitizerTest < ActiveModel::TestCase
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
log = StringIO.new
@sanitizer.logger = Logger.new(log)
- @sanitizer.sanitize(original_attributes)
+ @sanitizer.sanitize(original_attributes, @authorizer)
assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 17:39:45 +0000