From 58399e1dc3e40b0f6cf8f5da31d694267afdf328 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Chac=C3=B3n?= <rafaelchacon@gmail.com>
Date: Fri, 27 Jun 2014 13:08:40 -0700
Subject: Improvements per code review.

* General style fixes.
* Add changes to configuration guide.
* Add missing tests.
---
 .../action_controller/metal/strong_parameters.rb   |  7 +++---
 .../parameters/always_permitted_parameters_test.rb | 29 ++++++++++++++++++++++
 2 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 actionpack/test/controller/parameters/always_permitted_parameters_test.rb

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 71dca877b6..45d819c29a 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -105,11 +105,10 @@ module ActionController
     # params are present. The default includes both 'controller' and 'action'
     # because they are added by Rails and should be of no concern. One way
     # to change these is to specify `always_permitted_parameters` in your
-    # config, e.g.
-    # `config.always_permitted_parameters = %w( controller action format )`
-
+    # config. For instance:
+    #
+    #    config.always_permitted_parameters = %w( controller action format )
     cattr_accessor :always_permitted_parameters
-
     self.always_permitted_parameters = %w( controller action )
 
     def self.const_missing(const_name)
diff --git a/actionpack/test/controller/parameters/always_permitted_parameters_test.rb b/actionpack/test/controller/parameters/always_permitted_parameters_test.rb
new file mode 100644
index 0000000000..059f310d49
--- /dev/null
+++ b/actionpack/test/controller/parameters/always_permitted_parameters_test.rb
@@ -0,0 +1,29 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class AlwaysPermittedParametersTest < ActiveSupport::TestCase
+  def setup
+    ActionController::Parameters.action_on_unpermitted_parameters = :raise
+    ActionController::Parameters.always_permitted_parameters = %w( controller action format )
+  end
+
+  def teardown
+    ActionController::Parameters.action_on_unpermitted_parameters = false
+    ActionController::Parameters.always_permitted_parameters = %w( controller action )
+  end
+
+  test "shows deprecations warning on NEVER_UNPERMITTED_PARAMS" do
+    assert_deprecated do
+       ActionController::Parameters::NEVER_UNPERMITTED_PARAMS
+    end
+  end
+
+  test "permits parameters that are whitelisted" do
+    params = ActionController::Parameters.new({
+      book: { pages: 65 },
+      format: "json"
+    })
+    permitted = params.permit book: [:pages]
+    assert permitted.permitted?
+  end
+end
-- 
cgit v1.2.3