Skip to content
Browse files

Add test for Micropost user_id

  • Loading branch information...
1 parent de61097 commit f66ba2b8bf0ab00e2be46d6bdcd1037a17167a5c @mhartl mhartl committed Mar 30, 2012
Showing with 41 additions and 37 deletions.
  1. +1 −1 Gemfile
  2. +31 −35 Gemfile.lock
  3. +1 −1 config/application.rb
  4. +8 −0 spec/models/micropost_spec.rb
View
2 Gemfile
@@ -1,6 +1,6 @@
source 'https://rubygems.org'
-gem 'rails', '3.2.2'
+gem 'rails', '3.2.3'
gem 'bootstrap-sass', '2.0.0'
gem 'bcrypt-ruby', '3.0.1'
gem 'faker', '1.0.1'
View
66 Gemfile.lock
@@ -1,31 +1,31 @@
GEM
remote: https://rubygems.org/
specs:
- actionmailer (3.2.2)
- actionpack (= 3.2.2)
- mail (~> 2.4.0)
- actionpack (3.2.2)
- activemodel (= 3.2.2)
- activesupport (= 3.2.2)
+ actionmailer (3.2.3)
+ actionpack (= 3.2.3)
+ mail (~> 2.4.4)
+ actionpack (3.2.3)
+ activemodel (= 3.2.3)
+ activesupport (= 3.2.3)
builder (~> 3.0.0)
erubis (~> 2.7.0)
journey (~> 1.0.1)
rack (~> 1.4.0)
- rack-cache (~> 1.1)
+ rack-cache (~> 1.2)
rack-test (~> 0.6.1)
sprockets (~> 2.1.2)
- activemodel (3.2.2)
- activesupport (= 3.2.2)
+ activemodel (3.2.3)
+ activesupport (= 3.2.3)
builder (~> 3.0.0)
- activerecord (3.2.2)
- activemodel (= 3.2.2)
- activesupport (= 3.2.2)
+ activerecord (3.2.3)
+ activemodel (= 3.2.3)
+ activesupport (= 3.2.3)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
- activeresource (3.2.2)
- activemodel (= 3.2.2)
- activesupport (= 3.2.2)
- activesupport (3.2.2)
+ activeresource (3.2.3)
+ activemodel (= 3.2.3)
+ activesupport (= 3.2.3)
+ activesupport (3.2.3)
i18n (~> 0.6)
multi_json (~> 1.0)
arel (3.0.2)
@@ -62,7 +62,6 @@ GEM
faker (1.0.1)
i18n (~> 0.4)
ffi (1.0.11)
- growl (1.0.3)
guard (1.0.1)
ffi (>= 0.5.0)
thor (~> 0.14.6)
@@ -77,13 +76,13 @@ GEM
jquery-rails (2.0.0)
railties (>= 3.2.0.beta, < 5.0)
thor (~> 0.14)
- json (1.6.5)
- mail (2.4.3)
+ json (1.6.6)
+ mail (2.4.4)
i18n (>= 0.4.0)
mime-types (~> 1.16)
treetop (~> 1.4.8)
- mime-types (1.17.2)
- multi_json (1.1.0)
+ mime-types (1.18)
+ multi_json (1.2.0)
nokogiri (1.5.0)
pg (0.12.2)
polyglot (0.3.3)
@@ -94,23 +93,22 @@ GEM
rack
rack-test (0.6.1)
rack (>= 1.0)
- rails (3.2.2)
- actionmailer (= 3.2.2)
- actionpack (= 3.2.2)
- activerecord (= 3.2.2)
- activeresource (= 3.2.2)
- activesupport (= 3.2.2)
+ rails (3.2.3)
+ actionmailer (= 3.2.3)
+ actionpack (= 3.2.3)
+ activerecord (= 3.2.3)
+ activeresource (= 3.2.3)
+ activesupport (= 3.2.3)
bundler (~> 1.0)
- railties (= 3.2.2)
- railties (3.2.2)
- actionpack (= 3.2.2)
- activesupport (= 3.2.2)
+ railties (= 3.2.3)
+ railties (3.2.3)
+ actionpack (= 3.2.3)
+ activesupport (= 3.2.3)
rack-ssl (~> 1.3.2)
rake (>= 0.8.7)
rdoc (~> 3.4)
thor (~> 0.14.6)
rake (0.9.2.2)
- rb-fsevent (0.4.3.1)
rdoc (3.12)
json (~> 1.4)
rspec (2.9.0)
@@ -167,13 +165,11 @@ DEPENDENCIES
coffee-rails (= 3.2.2)
factory_girl_rails (= 1.4.0)
faker (= 1.0.1)
- growl (= 1.0.3)
guard-rspec (= 0.5.5)
guard-spork (= 0.3.2)
jquery-rails (= 2.0.0)
pg (= 0.12.2)
- rails (= 3.2.2)
- rb-fsevent (= 0.4.3.1)
+ rails (= 3.2.3)
rspec-rails (= 2.9.0)
sass-rails (= 3.2.4)
spork (= 0.9.0)
View
2 config/application.rb
@@ -54,7 +54,7 @@ class Application < Rails::Application
# This will create an empty whitelist of attributes available for mass-assignment for all models
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
# parameters by using an attr_accessible or attr_protected declaration.
- # config.active_record.whitelist_attributes = true
+ config.active_record.whitelist_attributes = true
# Enable the asset pipeline
config.assets.enabled = true
View
8 spec/models/micropost_spec.rb
@@ -7,6 +7,14 @@
subject { @micropost }
+ describe "accessible attributes" do
+ it "should not allow access to user_id" do
+ expect do
+ @micropost.update_attributes(user_id: user.id)
+ end.should raise_error(ActiveModel::MassAssignmentSecurity::Error)
+ end
+ end
+
it { should respond_to(:content) }
it { should respond_to(:user_id) }
it { should respond_to(:user) }

0 comments on commit f66ba2b

Please sign in to comment.
Something went wrong with that request. Please try again.