From c7567c9a6dee1380432beaf88c1854a4ed6bb15b Mon Sep 17 00:00:00 2001
From: Bogdan Gusiev <agresso@gmail.com>
Date: Thu, 26 May 2011 15:58:43 +0300
Subject: MassAssignmentSecurity: add ability to specify your own sanitizer

Added an ability to specify your own behavior on mass assingment
protection, controlled by option:
ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer
---
 .../test/cases/mass_assignment_security/sanitizer_test.rb   | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'activemodel/test/cases/mass_assignment_security/sanitizer_test.rb')

diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
index 9a73a5ad91..8547694c24 100644
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -4,24 +4,21 @@ require 'active_support/core_ext/object/inclusion'
 
 class SanitizerTest < ActiveModel::TestCase
 
-  class SanitizingAuthorizer
-    include ActiveModel::MassAssignmentSecurity::Sanitizer
-
-    attr_accessor :logger
 
+  class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
     def deny?(key)
       key.in?(['admin'])
     end
-
   end
 
   def setup
-    @sanitizer = SanitizingAuthorizer.new
+    @sanitizer = ActiveModel::MassAssignmentSecurity::DefaultSanitizer.new
+    @authorizer = Authorizer.new
   end
 
   test "sanitize attributes" do
     original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
-    attributes = @sanitizer.sanitize(original_attributes)
+    attributes = @sanitizer.sanitize(original_attributes, @authorizer)
 
     assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
     assert !attributes.key?('admin'),     "Denied key should be rejected"
@@ -31,7 +28,7 @@ class SanitizerTest < ActiveModel::TestCase
     original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
     log = StringIO.new
     @sanitizer.logger = Logger.new(log)
-    @sanitizer.sanitize(original_attributes)
+    @sanitizer.sanitize(original_attributes, @authorizer)
     assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
   end
 
-- 
cgit v1.2.3