Permalink
Browse files

Rails whitelists attributes now

  • Loading branch information...
1 parent 36c50ce commit 3a986d59a8b38b29c7192b9512aa1f2f2905c6ab @mike-burns mike-burns committed Sep 10, 2012
Showing with 23 additions and 4 deletions.
  1. +2 −0 app/models/announcement.rb
  2. +4 −0 spec/fake_app.rb
  3. +17 −4 spec/models/announcement_spec.rb
@@ -1,4 +1,6 @@
class Announcement < ActiveRecord::Base
+ attr_accessible :body
+
def self.current
first(:order => 'created_at DESC') || new
end
View
@@ -13,4 +13,8 @@ class Application < Rails::Application
:database => ":memory:"
)
+ActiveSupport.on_load(:active_record) do
+ attr_accessible(nil)
+end
+
CreateAnnouncements.suppress_messages { CreateAnnouncements.up }
@@ -4,19 +4,32 @@
describe Announcement do
it "should return the latest announcement when there are several" do
- old = Announcement.create!(:body => 'no fun', :created_at => 2.days.ago)
- latest = Announcement.create!(:body => 'fun', :created_at => 1.day.ago)
- older = Announcement.create!(:body => 'less fun', :created_at => 3.days.ago)
+ old = create_announcement(:body => 'no fun', :created_at => 2.days.ago)
+ latest = create_announcement(:body => 'fun', :created_at => 1.day.ago)
+ older = create_announcement(:body => 'less fun', :created_at => 3.days.ago)
Announcement.current.should == latest
end
it "should return an existent announcement where there is no announcement" do
- Announcement.create!(:body => 'body')
+ create_announcement(:body => 'body')
Announcement.current.exists?.should == true
end
it "should return a non-existent announcement where there is no announcement" do
Announcement.current.exists?.should be_false
end
+
+ it 'can always assign straight to the body' do
+ Announcement.create!(:body => 'hello').body.should == 'hello'
+ end
+
+ def create_announcement(attributes)
+ announcement = Announcement.new
+ attributes.each do |key, value|
+ announcement.send("#{key}=", value)
+ end
+ announcement.save!
+ announcement
+ end
end

0 comments on commit 3a986d5

Please sign in to comment.