Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

ParamsWrapper only wrap the accessible attributes when they were set

  • Loading branch information...
commit d5526218e43072a3b9b4a55568f4b29b3a2c0445 1 parent 30f0d7b
authored December 07, 2011
9  actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -43,6 +43,11 @@ module ActionController
43 43
   #       wrap_parameters :person, :include => [:username, :password]
44 44
   #     end
45 45
   #
  46
+  # On ActiveRecord models with no +:include+ or +:exclude+ option set, 
  47
+  # if attr_accessible is set on that model, it will only wrap the accessible
  48
+  # parameters, else it will only wrap the parameters returned by the class 
  49
+  # method attribute_names.
  50
+  #
46 51
   # If you're going to pass the parameters to an +ActiveModel+ object (such as
47 52
   # +User.new(params[:user])+), you might consider passing the model class to
48 53
   # the method instead. The +ParamsWrapper+ will actually try to determine the
@@ -162,7 +167,9 @@ def _set_wrapper_defaults(options, model=nil)
162 167
 
163 168
         unless options[:include] || options[:exclude]
164 169
           model ||= _default_wrap_model
165  
-          if model.respond_to?(:attribute_names) && model.attribute_names.present?
  170
+          if model.respond_to?(:accessible_attributes) && model.accessible_attributes.present?
  171
+            options[:include] = model.accessible_attributes.to_a
  172
+          elsif model.respond_to?(:attribute_names) && model.attribute_names.present?
166 173
             options[:include] = model.attribute_names
167 174
           end
168 175
         end
29  actionpack/test/controller/params_wrapper_test.rb
@@ -26,7 +26,7 @@ def parse
26 26
       self.class.last_parameters = request.params.except(:controller, :action)
27 27
       head :ok
28 28
     end
29  
-  end
  29
+end
30 30
 
31 31
   class User; end
32 32
   class Person; end
@@ -147,6 +147,7 @@ def test_nested_params
147 147
   end
148 148
 
149 149
   def test_derived_wrapped_keys_from_matching_model
  150
+    User.expects(:respond_to?).with(:accessible_attributes).returns(false)
150 151
     User.expects(:respond_to?).with(:attribute_names).returns(true)
151 152
     User.expects(:attribute_names).twice.returns(["username"])
152 153
 
@@ -159,6 +160,7 @@ def test_derived_wrapped_keys_from_matching_model
159 160
 
160 161
   def test_derived_wrapped_keys_from_specified_model
161 162
     with_default_wrapper_options do
  163
+      Person.expects(:respond_to?).with(:accessible_attributes).returns(false)
162 164
       Person.expects(:respond_to?).with(:attribute_names).returns(true)
163 165
       Person.expects(:attribute_names).twice.returns(["username"])
164 166
 
@@ -169,8 +171,33 @@ def test_derived_wrapped_keys_from_specified_model
169 171
       assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
170 172
     end
171 173
   end
  174
+  
  175
+  def test_accessible_wrapped_keys_from_matching_model
  176
+    User.expects(:respond_to?).with(:accessible_attributes).returns(true)
  177
+    User.expects(:accessible_attributes).twice.returns(["username"])
  178
+    
  179
+    with_default_wrapper_options do
  180
+      @request.env['CONTENT_TYPE'] = 'application/json'
  181
+      post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
  182
+      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'user' => { 'username' => 'sikachu' }})
  183
+    end
  184
+  end
  185
+  
  186
+  def test_accessible_wrapped_keys_from_specified_model
  187
+    with_default_wrapper_options do
  188
+      Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
  189
+      Person.expects(:accessible_attributes).twice.returns(["username"])
  190
+
  191
+      UsersController.wrap_parameters Person
  192
+
  193
+      @request.env['CONTENT_TYPE'] = 'application/json'
  194
+      post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
  195
+      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
  196
+    end
  197
+  end
172 198
 
173 199
   def test_not_wrapping_abstract_model
  200
+    User.expects(:respond_to?).with(:accessible_attributes).returns(false)
174 201
     User.expects(:respond_to?).with(:attribute_names).returns(true)
175 202
     User.expects(:attribute_names).returns([])
176 203
 

0 notes on commit d552621

Please sign in to comment.
Something went wrong with that request. Please try again.