Permalink
Browse files

attr_protected and _accessible use sets of strings instead of arrays …

…of symbols internally. Closes #10300.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8231 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
1 parent a33007d commit 3a3e7efee9443fad159dc88a670ad28f12b98438 @jeremy jeremy committed Nov 28, 2007
Showing with 16 additions and 8 deletions.
  1. +4 −4 activerecord/lib/active_record/base.rb
  2. +12 −4 activerecord/test/base_test.rb
@@ -628,7 +628,7 @@ def decrement_counter(counter_name, id)
#
# To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.
def attr_protected(*attributes)
- write_inheritable_array("attr_protected", attributes - (protected_attributes || []))
+ write_inheritable_attribute("attr_protected", Set.new(attributes.map(&:to_s)) + (protected_attributes || []))
end
# Returns an array of all the attributes that have been protected from mass-assignment.
@@ -662,7 +662,7 @@ def protected_attributes # :nodoc:
# customer.credit_rating = "Average"
# customer.credit_rating # => "Average"
def attr_accessible(*attributes)
- write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))
+ write_inheritable_attribute("attr_accessible", Set.new(attributes.map(&:to_s)) + (accessible_attributes || []))
end
# Returns an array of all the attributes that have been made accessible to mass-assignment.
@@ -2084,9 +2084,9 @@ def remove_attributes_protected_from_mass_assignment(attributes)
if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
elsif self.class.protected_attributes.nil?
- attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
+ attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
elsif self.class.accessible_attributes.nil?
- attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
+ attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
else
raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both."
end
@@ -40,6 +40,11 @@ class LooseDescendant < LoosePerson
attr_protected :phone_number
end
+class LooseDescendantSecond< LoosePerson
+ attr_protected :phone_number
+ attr_protected :name
+end
+
class TightPerson < ActiveRecord::Base
self.table_name = 'people'
attr_accessible :name, :address
@@ -843,16 +848,19 @@ def test_mass_assignment_accessible
def test_mass_assignment_protection_inheritance
assert_nil LoosePerson.accessible_attributes
- assert_equal [ :credit_rating, :administrator ], LoosePerson.protected_attributes
+ assert_equal Set.new([ 'credit_rating', 'administrator' ]), LoosePerson.protected_attributes
assert_nil LooseDescendant.accessible_attributes
- assert_equal [ :credit_rating, :administrator, :phone_number ], LooseDescendant.protected_attributes
+ assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number' ]), LooseDescendant.protected_attributes
+
+ assert_nil LooseDescendantSecond.accessible_attributes
+ assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number', 'name' ]), LooseDescendantSecond.protected_attributes, 'Running attr_protected twice in one class should merge the protections'
assert_nil TightPerson.protected_attributes
- assert_equal [ :name, :address ], TightPerson.accessible_attributes
+ assert_equal Set.new([ 'name', 'address' ]), TightPerson.accessible_attributes
assert_nil TightDescendant.protected_attributes
- assert_equal [ :name, :address, :phone_number ], TightDescendant.accessible_attributes
+ assert_equal Set.new([ 'name', 'address', 'phone_number' ]), TightDescendant.accessible_attributes
end
def test_readonly_attributes

0 comments on commit 3a3e7ef

Please sign in to comment.