From f86f7702507f477eb8f0a8e914bdb53219fac953 Mon Sep 17 00:00:00 2001
From: Bogdan Gusiev <agresso@gmail.com>
Date: Thu, 28 Jul 2011 11:56:08 +0300
Subject: MassAssignmentProtection: consider 'id' insensetive in
 StrictSanitizer

In order to use StrictSanitizer in test mode
Consider :id as not sensetive attribute that can be filtered from
mass assignement without exception.
---
 activemodel/lib/active_model/mass_assignment_security/sanitizer.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'activemodel/lib/active_model/mass_assignment_security/sanitizer.rb')

diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index bb0526adc3..bbdddfb50d 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -44,8 +44,13 @@ module ActiveModel
 
     class StrictSanitizer < Sanitizer
       def process_removed_attributes(attrs)
+        return if (attrs - insensitive_attributes).empty?
         raise ActiveModel::MassAssignmentSecurity::Error, "Can't mass-assign protected attributes: #{attrs.join(', ')}"
       end
+
+      def insensitive_attributes
+        ['id']
+      end
     end
 
     class Error < StandardError
-- 
cgit v1.2.3