
Test and document use with Strong Parameters, fixes #96

commit 5fa89091854a05a42d0cd850ae193884fce064e7 1 parent d8376e0
@cgriego authored
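--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,11 @@
 source "https://rubygems.org"
 gemspec :development_group => :test
-gem "factory_girl", "< 3.0", :group => :test if RUBY_VERSION < "1.9.2"
+
+if RUBY_VERSION < "1.9.2"
+ gem "factory_girl", "< 3.0", :group => :test
+ gem "strong_parameters", :git => "git://github.com/rails/strong_parameters.git", :group => :test
+end
 group :development do
 gem "debugger", :platforms => :mri_19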
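Review bot: The `strong_parameters` line added inside the `if RUBY_VERSION < "1.9.2"` block fetches the gem over `git://`, which is unauthenticated and unencrypted, and it pins no revision, so the test bundle resolves to whatever the default branch serves at install time. Prefer the HTTPS remote with a fixed ref, e.g. `gem "strong_parameters", :git => "https://github.com/rails/strong_parameters.git", :ref => "<commit-sha>", :group => :test`. The same line is added in gemfiles/rails_3_0.gemfile and gemfiles/rails_3_1.gemfile, whose context lines also still use `source "http://rubygems.org"`. A one-line comment saying why old Rubies need the git source rather than the `~> 0.1.3` release declared in the gemspec would help the next maintainer.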
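--- a/README.md
+++ b/README.md
@@ -27,6 +27,7 @@ ActiveAttr is distributed as a rubygem [on rubygems.org][rubygems].
 [railscast poster]: http://railscasts.com/assets/episodes/stills/326-activeattr.png
 [railscast]: http://railscasts.com/episodes/326-activeattr
 [rubygems]: http://rubygems.org/gems/active_attr
+[strong_parameters]: https://github.com/rails/strong_parameters
 [speakerdeck slide]: https://speakerd.s3.amazonaws.com/presentations/4f31f1dec583b4001f008ec3/thumb_slide_0.jpg
 [speakerdeck]: https://speakerdeck.com/u/cgriego/p/models-models-every-where
 [travis badge]: https://secure.travis-ci.org/cgriego/active_attr.png?branch=master
@@ -183,6 +184,15 @@ blacklists or whitelists including support for mass assignment roles.
 person.first_name #=> "Chris"
 person.last_name #=> nil
+If you prefer the [Strong Paramters][strong_parameters] approach,
+include the ActiveModel::ForbiddenAttributesProtection module after
+including the MassAssignmentSecurity model.
+
+ class Person
+ include ActiveAttr::MassAssignmentSecurity
+ include ActiveModel::ForbiddenAttributesProtection
+ end
+
 ### Model ###
 The Model module is a shortcut for incorporating the most common model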
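--- a/active_attr.gemspec
+++ b/active_attr.gemspec
@@ -18,9 +18,10 @@ Gem::Specification.new do |gem|
 gem.add_runtime_dependency "activemodel", ">= 3.0.2", "< 4.1"
 gem.add_runtime_dependency "activesupport", ">= 3.0.2", "< 4.1"
- gem.add_development_dependency "bundler", "~> 1.0"
- gem.add_development_dependency "factory_girl", ">= 2.2", "< 4.0"
- gem.add_development_dependency "rake", "~> 0.9.0"
- gem.add_development_dependency "rspec", "~> 2.6"
- gem.add_development_dependency "tzinfo", "~> 0.3.29"
+ gem.add_development_dependency "bundler", "~> 1.0"
+ gem.add_development_dependency "factory_girl", ">= 2.2", "< 4.0"
+ gem.add_development_dependency "rake", "~> 0.9.0"
+ gem.add_development_dependency "rspec", "~> 2.6"
+ gem.add_development_dependency "strong_parameters", "~> 0.1.3"
+ gem.add_development_dependency "tzinfo", "~> 0.3.29"
 end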
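--- a/gemfiles/rails_3_0.gemfile
+++ b/gemfiles/rails_3_0.gemfile
@@ -1,7 +1,11 @@
 source "http://rubygems.org"
 gemspec :development_group => :test, :path => ".."
-gem "factory_girl", "< 3.0", :group => :test if RUBY_VERSION < "1.9.2"
+
+if RUBY_VERSION < "1.9.2"
+ gem "factory_girl", "< 3.0", :group => :test
+ gem "strong_parameters", :git => "git://github.com/rails/strong_parameters.git", :group => :test
+end
 gem "activemodel", "~> 3.0.2"
 gem "activesupport", "~> 3.0.2"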
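--- a/gemfiles/rails_3_1.gemfile
+++ b/gemfiles/rails_3_1.gemfile
@@ -1,7 +1,11 @@
 source "http://rubygems.org"
 gemspec :development_group => :test, :path => ".."
-gem "factory_girl", "< 3.0", :group => :test if RUBY_VERSION < "1.9.2"
+
+if RUBY_VERSION < "1.9.2"
+ gem "factory_girl", "< 3.0", :group => :test
+ gem "strong_parameters", :git => "git://github.com/rails/strong_parameters.git", :group => :test
+end
 gem "activemodel", "~> 3.1.0"
 gem "activesupport", "~> 3.1.0"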
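--- a/spec/functional/active_attr/mass_assignment_security_spec.rb
+++ b/spec/functional/active_attr/mass_assignment_security_spec.rb
@@ -0,0 +1,44 @@
+require "spec_helper"
+require "active_attr/mass_assignment_security"
+require "strong_parameters"
+
+module ActiveAttr
+ describe MassAssignmentSecurity, :mass_assignment do
+ context "integrating with strong_parameters" do
+ subject { model_class }
+
+ before do
+ model_class.class_eval do
+ include ActiveAttr::MassAssignmentSecurity
+ include ActiveModel::ForbiddenAttributesProtection
+ attr_accessor :age
+ end
+ end
+
+ shared_examples "strong mass assignment method", :strong_mass_assignment_method => true do
+ it "raises if provided parameters when none are permitted" do
+ expect { mass_assign_attributes(ActionController::Parameters.new(:age => 21)) }.to raise_error ActiveModel::ForbiddenAttributes
+ end
+
+ it "sets a permitted parameter" do
+ person = mass_assign_attributes(ActionController::Parameters.new(:age => 21).permit(:age))
+ person.age.should == 21
+ end
+
+ it "does not set forbidden parameters" do
+ person = mass_assign_attributes(ActionController::Parameters.new(:age => 21).permit(:first_name))
+ person.age.should be_nil
+ end
+
+ it "continues to set normal attributes" do
+ person = mass_assign_attributes(:age => 21)
+ person.age.should == 21
+ end
+ end
+
+ describe "#assign_attributes", :assign_attributes, :strong_mass_assignment_method
+ describe "#attributes=", :attributes=, :strong_mass_assignment_method
+ describe "#initialize", :initialize, :strong_mass_assignment_method
+ end
+ end
+end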
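Review bot: The example `continues to set normal attributes` pins that a plain Hash is assigned with no permitted check, but nothing in the file says this pass-through is intended, and it marks the edge of the protection. It should carry a comment such as `# Plain hashes carry no permitted flag and are assigned unchecked by design`, presumably because only parameter objects are checked. The `before` block also exercises only the include order the README prescribes (`MassAssignmentSecurity`, then `ForbiddenAttributesProtection`); a context with the order reversed would pin what a user gets when the modules are included the wrong way round. No example combines a permitted `ActionController::Parameters` with an `attr_accessible` whitelist, so the spec does not show whether both filters apply together.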