Permalink
Browse files

Merge pull request #1839 from wildchild/3-1-stable

Allow to specify roles for mass-assignment as array
  • Loading branch information...
2 parents 03580e0 + 79956db commit c8ff12ca977370cfd6ba456897acfde5db1a09f5 @josevalim josevalim committed Jun 24, 2011
@@ -1,4 +1,5 @@
require 'active_support/core_ext/class/attribute.rb'
+require 'active_support/core_ext/array/wrap'
require 'active_model/mass_assignment_security/permission_set'
module ActiveModel
@@ -95,8 +96,11 @@ def attr_protected(*args)
options = args.extract_options!
role = options[:as] || :default
- self._protected_attributes = protected_attributes_configs.dup
- self._protected_attributes[role] = self.protected_attributes(role) + args
+ self._protected_attributes = protected_attributes_configs.dup
+
+ Array.wrap(role).each do |name|
+ self._protected_attributes[name] = self.protected_attributes(name) + args
+ end
self._active_authorizer = self._protected_attributes
end
@@ -154,8 +158,11 @@ def attr_accessible(*args)
options = args.extract_options!
role = options[:as] || :default
- self._accessible_attributes = accessible_attributes_configs.dup
- self._accessible_attributes[role] = self.accessible_attributes(role) + args
+ self._accessible_attributes = accessible_attributes_configs.dup
+
+ Array.wrap(role).each do |name|
+ self._accessible_attributes[name] = self.accessible_attributes(name) + args
+ end
self._active_authorizer = self._accessible_attributes
end
@@ -34,6 +34,20 @@ def test_attributes_accessible_with_admin_role
assert_equal expected, sanitized
end
+ def test_attributes_accessible_with_roles_given_as_array
+ user = Account.new
+ expected = { "name" => "John Smith", "email" => "john@smith.com" }
+ sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
+ assert_equal expected, sanitized
+ end
+
+ def test_attributes_accessible_with_admin_role_when_roles_given_as_array
+ user = Account.new
+ expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
+ sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
+ assert_equal expected, sanitized
+ end
+
def test_attributes_protected_by_default
firm = Firm.new
expected = { }
@@ -20,6 +20,14 @@ class Person
public :sanitize_for_mass_assignment
end
+class Account
+ include ActiveModel::MassAssignmentSecurity
+ attr_accessible :name, :email, :as => [:default, :admin]
+ attr_accessible :admin, :as => :admin
+
+ public :sanitize_for_mass_assignment
+end
+
class Firm
include ActiveModel::MassAssignmentSecurity
@@ -65,4 +73,4 @@ def self.attributes_protected_by_default
class TightDescendant < TightPerson
attr_accessible :phone_number
attr_accessible :super_powers, :as => :admin
-end
+end

0 comments on commit c8ff12c

Please sign in to comment.