
allow_mass_assignment_of: handle situation when all attributes are pr…

…otected (attr_accessible without args)
1 parent 105e102 commit d6363a621176e6428eeb543e0405d4c4e76ef7b1 @enodata enodata committed with josevalim Dec 3, 2009
@@ -15,25 +15,25 @@ class AllowMassAssignmentOfMatcher < Remarkable::ActiveRecord::Base #:nodoc:
#
def allows?
return positive? unless @attributes.empty?
- protected_attributes.empty?
+ protected_attributes.nil? || protected_attributes.empty?
end
def is_accessible?
- return positive? if accessible_attributes.empty?
+ return positive? if accessible_attributes.nil?
accessible_attributes.include?(@attribute.to_s)
end
def is_protected?
- return accessible_attributes.empty? || positive? if protected_attributes.empty?
+ return accessible_attributes.nil? || positive? if protected_attributes.nil?
!protected_attributes.include?(@attribute.to_s)
end
def interpolation_options
if @subject
if positive?
- { :protected_attributes => array_to_sentence(protected_attributes.to_a, false, '[]') }
+ { :protected_attributes => array_to_sentence((protected_attributes || []).to_a, false, '[]') }
else
- { :accessible_attributes => array_to_sentence(accessible_attributes.to_a, false, '[]') }
+ { :accessible_attributes => array_to_sentence((accessible_attributes || []).to_a, false, '[]') }
end
else
{}
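Review bot: `allows?` still consults only the blacklist, so with the nil-aware check a model that declares a bare `attr_accessible` (empty whitelist, `protected_attributes` nil) satisfies `should allow_mass_assignment_of` even though none of its attributes can be mass assigned. The example added in the spec hunk asserts exactly that under the title 'should not allow mass assignment if all attributes are protected by default', so the name and the first expectation disagree. If the argument-less form is meant to state that nothing restricts mass assignment, the last line should also require the whitelist to be absent, `accessible_attributes.nil? && (protected_attributes.nil? || protected_attributes.empty?)`, with the spec expectation flipped to `should_not`; if it is meant to report on `attr_protected` only, a comment on `allows?` saying so would keep a passing spec from being read as proof that the model is open. The class body and `interpolation_options` extend beyond this hunk.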
@@ -43,11 +43,11 @@ def interpolation_options
private
def accessible_attributes
- @accessible_attributes ||= subject_class.accessible_attributes || []
+ @accessible_attributes = subject_class.accessible_attributes
end
def protected_attributes
- @protected_attributes ||= subject_class.protected_attributes || []
+ @protected_attributes = subject_class.protected_attributes
end
end
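Review bot: Both accessors now assign their instance variable on every call and never read it back, so `@accessible_attributes` and `@protected_attributes` are dead writes and callers in the first hunk query `subject_class` twice (for example `protected_attributes.nil? || protected_attributes.empty?`). Since nil is now a meaningful value, either drop the variables and return `subject_class.accessible_attributes` directly, or memoize with a guard such as `return @accessible_attributes if defined?(@accessible_attributes)`. The nil/empty distinction the commit appears to rely on is also undocumented; a comment like `# nil: attr_accessible never declared; empty: declared without arguments, so every attribute is protected` above `accessible_attributes` would state it.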
@@ -8,6 +8,7 @@ def define_and_validate(options={})
attr_protected :title, :category if options[:protected]
attr_accessible :title, :category if options[:accessible] == true
+ attr_accessible if options[:accessible] == false
attr_accessible *options[:accessible] if options[:accessible].is_a?(Array)
end
@@ -64,6 +65,13 @@ def define_and_validate(options={})
define_and_validate(:protected => true)
should_not allow_mass_assignment_of
end
+
+ it 'should not allow mass assignment if all attributes are protected by default' do
+ define_and_validate(:accessible => false)
+ should allow_mass_assignment_of
+ should_not allow_mass_assignment_of :title
+ should_not allow_mass_assignment_of :category
+ end
end
end
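Review bot: The added example exercises only passing expectations, so the failure-message path changed in the first hunk, `array_to_sentence((accessible_attributes || []).to_a, false, '[]')`, is never run against the empty whitelist. A companion example in the 'failures' group that calls `define_and_validate(:accessible => false)` and expects `should allow_mass_assignment_of :title` to raise would cover it and pin the message produced when the list is empty. The describe blocks enclosing this hunk start outside it.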
@@ -78,7 +86,7 @@ def define_and_validate(options={})
end
describe 'failures' do
- it "should fail if some attribute is accessible when it shuold be protected" do
+ it "should fail if some attribute is accessible when it should be protected" do
define_and_validate(:accessible => true)
lambda {
