Permalink
Browse files

fix mass-assignment error in user create API

  • Loading branch information...
1 parent 770ec33 commit c61020632147e0855cf229bce81aa080ca1e5992 @NARKOZ committed Oct 19, 2012
Showing with 6 additions and 6 deletions.
  1. +2 −2 lib/api/users.rb
  2. +4 −4 spec/requests/api/users_spec.rb
View
@@ -23,7 +23,7 @@ class Users < Grape::API
@user = User.find(params[:id])
present @user, with: Entities::User
end
-
+
# Create user. Available only for admin
#
# Parameters:
@@ -40,7 +40,7 @@ class Users < Grape::API
post do
authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
- user = User.new attrs
+ user = User.new attrs, as: :admin
if user.save
present user, with: Entities::User
else
@@ -4,7 +4,7 @@
include ApiHelpers
let(:user) { Factory :user }
- let(:admin) {Factory :admin}
+ let(:admin) { Factory :admin }
let(:key) { Factory :key, user: user }
describe "GET /users" do
@@ -42,9 +42,9 @@
end
it "should create user" do
- expect{
- post api("/users", admin), Factory.attributes(:user)
- }.to change{User.count}.by(1)
+ expect {
+ post api("/users", admin), Factory.attributes(:user, projects_limit: 3)
@vsizov

vsizov Oct 19, 2012

Why projects_limit: 3 ???

+ }.to change { User.count }.by(1)
end
it "shouldn't available for non admin users" do

1 comment on commit c610206

vsizov commented on c610206 Oct 19, 2012

fix mass-assignment error in user create API

What's the error?

Please sign in to comment.