Permalink
Browse files

Merge pull request #8291 from senny/8265_build_with_polymorphic_assoc…

…iation

prevent mass assignment of polymorphic type when using `build`

Conflicts:
	activerecord/CHANGELOG.md
  • Loading branch information...
2 parents 43dd9c8 + 053bfa2 commit b313bcba07ea3c8b3dca3601bec23293f803efcc @rafaelfranca rafaelfranca committed Nov 22, 2012
@@ -1,5 +1,10 @@
## Rails 4.0.0 (unreleased) ##
+* Prevent mass assignment to the type column of polymorphic associations when using `build`
+ Fix #8265
+
+ *Yves Senn*
+
* Deprecate calling `Relation#sum` with a block. To perform a calculation over
the array result of the relation, use `to_a.sum(&block)`.
@@ -232,7 +232,8 @@ def stale_state
def build_record(attributes)
reflection.build_association(attributes) do |record|
- attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
+ skip_assign = [reflection.foreign_key, reflection.type].compact
+ attributes = create_scope.except(*(record.changed - skip_assign))
record.assign_attributes(attributes)
end
end
@@ -1579,6 +1579,14 @@ def test_abstract_class_with_polymorphic_has_many
assert_equal [tagging], post.taggings
end
+ def test_build_with_polymotphic_has_many_does_not_allow_to_override_type_and_id
+ welcome = posts(:welcome)
+ tagging = welcome.taggings.build(:taggable_id => 99, :taggable_type => 'ShouldNotChange')
+
+ assert_equal welcome.id, tagging.taggable_id
+ assert_equal 'Post', tagging.taggable_type
+ end
+
def test_dont_call_save_callbacks_twice_on_has_many
firm = companies(:first_firm)
contract = firm.contracts.create!

0 comments on commit b313bcb

Please sign in to comment.