Ensure quick subject bypass protected attributes [#87 status:resolved]

remarkable_activerecord/CHANGELOG

@@ -1,3 +1,5 @@
+* Ensure quick subject bypass protected attributes [#87]
+
 * Added :token and :separator to deal with :tokenizer in validates_length_of [#77]
 
 * Deprecated validate_format_of. It does not have the same API as the respective

remarkable_activerecord/lib/remarkable_activerecord/describe.rb

@@ -137,7 +137,7 @@ def describe(*args, &block)
             #
             example_group = super(*args) do
               write_inheritable_hash(:describe_subject_attributes, attributes)
-              subject { self.class.described_class.new(subject_attributes) }
+              set_described_subject!
               instance_eval(&block)
             end
           else
@@ -160,9 +160,16 @@ def describe(*args, &block)
         #
         def subject_attributes(options=nil, &block)
           write_inheritable_attribute(:default_subject_attributes, options || block)
-          subject { self.class.described_class.new(subject_attributes) }
+          set_described_subject!
         end
 
+        def set_described_subject!
+          subject {
+            record = self.class.described_class.new
+            record.send(:attributes=, subject_attributes, false)
+            record
+          }
+        end
       end
 
       # Returns a hash with the subject attributes declared using the

remarkable_activerecord/spec/describe_spec.rb

@@ -5,9 +5,9 @@
 class Post
   attr_accessor :published, :public, :deleted
 
-  def initialize(attributes={})
+  def attributes=(attributes={}, guard=true)
     attributes.each do |key, value|
-      send(:"#{key}=", value)
+      send(:"#{key}=", value) unless guard
     end
   end