From a1b9acb72ec4b3a3d11f77efe64effb79e58b45d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 15 Feb 2012 05:21:20 -0800 Subject: [PATCH] Merge pull request #5049 from fabioyamate/master Fix sanitize_for_mass_assigment when role is nil --- activemodel/lib/active_model/mass_assignment_security.rb | 6 +++--- activemodel/test/cases/mass_assignment_security_test.rb | 7 +++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb index 3f9feb76312b3..e1fb1e323109d 100644 --- a/activemodel/lib/active_model/mass_assignment_security.rb +++ b/activemodel/lib/active_model/mass_assignment_security.rb @@ -224,12 +224,12 @@ def accessible_attributes_configs protected - def sanitize_for_mass_assignment(attributes, role = :default) + def sanitize_for_mass_assignment(attributes, role = nil) _mass_assignment_sanitizer.sanitize(attributes, mass_assignment_authorizer(role)) end - def mass_assignment_authorizer(role = :default) - self.class.active_authorizer[role] + def mass_assignment_authorizer(role) + self.class.active_authorizer[role || :default] end end end diff --git a/activemodel/test/cases/mass_assignment_security_test.rb b/activemodel/test/cases/mass_assignment_security_test.rb index be07e59a2ff8a..a197dbe748a2c 100644 --- a/activemodel/test/cases/mass_assignment_security_test.rb +++ b/activemodel/test/cases/mass_assignment_security_test.rb @@ -19,6 +19,13 @@ def test_attribute_protection assert_equal expected, sanitized end + def test_attribute_protection_when_role_is_nil + user = User.new + expected = { "name" => "John Smith", "email" => "john@smith.com" } + sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), nil) + assert_equal expected, sanitized + end + def test_only_moderator_role_attribute_accessible user = SpecialUser.new expected = { "name" => "John Smith", "email" => "john@smith.com" }