Permalink
Browse files

ParamsWrapper only wrap the accessible attributes when they were set

  • Loading branch information...
1 parent 30f0d7b commit d5526218e43072a3b9b4a55568f4b29b3a2c0445 Jean-Francois Turcot committed Dec 8, 2011
View
9 actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -43,6 +43,11 @@ module ActionController
# wrap_parameters :person, :include => [:username, :password]
# end
#
+ # On ActiveRecord models with no +:include+ or +:exclude+ option set,
+ # if attr_accessible is set on that model, it will only wrap the accessible
+ # parameters, else it will only wrap the parameters returned by the class
+ # method attribute_names.
+ #
# If you're going to pass the parameters to an +ActiveModel+ object (such as
# +User.new(params[:user])+), you might consider passing the model class to
# the method instead. The +ParamsWrapper+ will actually try to determine the
@@ -162,7 +167,9 @@ def _set_wrapper_defaults(options, model=nil)
unless options[:include] || options[:exclude]
model ||= _default_wrap_model
- if model.respond_to?(:attribute_names) && model.attribute_names.present?
+ if model.respond_to?(:accessible_attributes) && model.accessible_attributes.present?
+ options[:include] = model.accessible_attributes.to_a
+ elsif model.respond_to?(:attribute_names) && model.attribute_names.present?
options[:include] = model.attribute_names
end
end
View
29 actionpack/test/controller/params_wrapper_test.rb
@@ -26,7 +26,7 @@ def parse
self.class.last_parameters = request.params.except(:controller, :action)
head :ok
end
- end
+end
@sobrinho
sobrinho Dec 9, 2011

space typo ;)

class User; end
class Person; end
@@ -147,6 +147,7 @@ def test_nested_params
end
def test_derived_wrapped_keys_from_matching_model
+ User.expects(:respond_to?).with(:accessible_attributes).returns(false)
User.expects(:respond_to?).with(:attribute_names).returns(true)
User.expects(:attribute_names).twice.returns(["username"])
@@ -159,6 +160,7 @@ def test_derived_wrapped_keys_from_matching_model
def test_derived_wrapped_keys_from_specified_model
with_default_wrapper_options do
+ Person.expects(:respond_to?).with(:accessible_attributes).returns(false)
Person.expects(:respond_to?).with(:attribute_names).returns(true)
Person.expects(:attribute_names).twice.returns(["username"])
@@ -169,8 +171,33 @@ def test_derived_wrapped_keys_from_specified_model
assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
end
end
+
+ def test_accessible_wrapped_keys_from_matching_model
+ User.expects(:respond_to?).with(:accessible_attributes).returns(true)
+ User.expects(:accessible_attributes).twice.returns(["username"])
+
+ with_default_wrapper_options do
+ @request.env['CONTENT_TYPE'] = 'application/json'
+ post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
+ assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'user' => { 'username' => 'sikachu' }})
+ end
+ end
+
+ def test_accessible_wrapped_keys_from_specified_model
+ with_default_wrapper_options do
+ Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
+ Person.expects(:accessible_attributes).twice.returns(["username"])
+
+ UsersController.wrap_parameters Person
+
+ @request.env['CONTENT_TYPE'] = 'application/json'
+ post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
+ assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
+ end
+ end
def test_not_wrapping_abstract_model
+ User.expects(:respond_to?).with(:accessible_attributes).returns(false)
User.expects(:respond_to?).with(:attribute_names).returns(true)
User.expects(:attribute_names).returns([])

0 comments on commit d552621

Please sign in to comment.