
Merge pull request #9 from diminish7/inheritance_column_support

Mass assignment with inheritance column
commit c8aa047098e1e8e3eb7bf9eb78ec77187cbc00fe 2 parents 516faf0 + a1f0f71
@pixeltrix pixeltrix authored
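--- a/lib/active_record/mass_assignment_security.rb
+++ b/lib/active_record/mass_assignment_security.rb
@@ -8,6 +8,7 @@
 require "active_record/mass_assignment_security/relation"
 require "active_record/mass_assignment_security/validations"
 require "active_record/mass_assignment_security/associations"
+require "active_record/mass_assignment_security/inheritance"
 class ActiveRecord::Base
 include ActiveRecord::MassAssignmentSecurity::Core
@@ -16,6 +17,7 @@ class ActiveRecord::Base
 include ActiveRecord::MassAssignmentSecurity::Relation
 include ActiveRecord::MassAssignmentSecurity::Validations
 include ActiveRecord::MassAssignmentSecurity::NestedAttributes
+ include ActiveRecord::MassAssignmentSecurity::Inheritance
 end
 ActiveRecord::SchemaMigration.attr_accessible(:version)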
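--- a/lib/active_record/mass_assignment_security/inheritance.rb
+++ b/lib/active_record/mass_assignment_security/inheritance.rb
@@ -0,0 +1,18 @@
+module ActiveRecord
+ module MassAssignmentSecurity
+ module Inheritance
+ extend ActiveSupport::Concern
+
+ module ClassMethods
+ private
+ # Detect the subclass from the inheritance column of attrs. If the inheritance column value
+ # is not self or a valid subclass, raises ActiveRecord::SubclassNotFound
+ # If this is a StrongParameters hash, and access to inheritance_column is not permitted,
+ # this will ignore the inheritance column and return nil
+ def subclass_from_attrs(attrs)
+ active_authorizer[:default].deny?(inheritance_column) ? nil : super
+ end
+ end
+ end
+ end
+end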
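Review bot: `subclass_from_attrs` consults only `active_authorizer[:default]`, so the decision to honour the inheritance column ignores any `as:` role or `without_protection: true` given to `new`; the method receives only `attrs` and cannot see those options. Where a named role denies the inheritance column but the default role permits it, the subclass is still chosen from the supplied value, and in the opposite case the instantiated class and the assigned column value may disagree. The comment above the method also speaks of a StrongParameters hash, while the code tests the mass-assignment authorizer; I would reword it to `# If the inheritance column is not accessible under the :default role, it is ignored and nil is returned` and add a line stating that other roles are not consulted.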
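--- a/test/attribute_sanitization_test.rb
+++ b/test/attribute_sanitization_test.rb
@@ -254,6 +254,24 @@ def test_protection_against_class_attribute_writers
 assert !Task.new.respond_to?("#{method}=")
 end
 end
+
+ def test_new_with_protected_inheritance_column
+ firm = Company.new(type: "Firm")
+ assert_equal firm.class, Company
+ end
+
+ def test_new_with_accessible_inheritance_column
+ corporation = Corporation.new(type: "SpecialCorporation")
+ assert_equal corporation.class, SpecialCorporation
+ end
+
+ def test_new_with_invalid_inheritance_column_class
+ assert_raise(ActiveRecord::SubclassNotFound) { Corporation.new(type: "InvalidCorporation") }
+ end
+
+ def test_new_with_unrelated_inheritance_column_class
+ assert_raise(ActiveRecord::SubclassNotFound) { Corporation.new(type: "Person") }
+ end
 end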
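Review bot: The new tests exercise only the default role, so nothing pins which class `Company.new` or `Corporation.new` picks when a role is passed with `as:`; a case where the default role and a named role disagree about `type` would document that boundary. `test_new_with_protected_inheritance_column` checks the resulting class but does not assert that the `type` value itself was left unset. The `assert_equal` calls pass the actual value first; `assert_equal Company, firm.class` and `assert_equal SpecialCorporation, corporation.class` give correct failure messages. The enclosing test class begins outside this hunk.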
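--- a/test/models/company.rb
+++ b/test/models/company.rb
@@ -96,3 +96,10 @@ def log_after_remove(record)
 log << "after_remove#{record.id}"
 end
 end
+
+class Corporation < Company
+ attr_accessible :type, :name, :description
+end
+
+class SpecialCorporation < Corporation
+end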
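Review bot: `attr_accessible :type` on `Corporation` exists so the tests can drive subclass selection from mass-assigned attributes, but the fixture does not say so. A comment such as `# :type is accessible on purpose: exercises subclass selection from mass-assigned attributes` would keep readers from copying the line into a model that takes request parameters, where it lets the caller choose which subclass of the model is instantiated.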