Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Rails whitelists attributes now

  • Loading branch information...
commit 3a986d59a8b38b29c7192b9512aa1f2f2905c6ab 1 parent 36c50ce
Mike Burns authored September 10, 2012
2  app/models/announcement.rb
... ...
@@ -1,4 +1,6 @@
1 1
 class Announcement < ActiveRecord::Base
  2
+  attr_accessible :body
  3
+
2 4
   def self.current
3 5
     first(:order => 'created_at DESC') || new
4 6
   end
4  spec/fake_app.rb
@@ -13,4 +13,8 @@ class Application < Rails::Application
13 13
   :database => ":memory:"
14 14
 )
15 15
 
  16
+ActiveSupport.on_load(:active_record) do
  17
+  attr_accessible(nil)
  18
+end
  19
+
16 20
 CreateAnnouncements.suppress_messages { CreateAnnouncements.up }
21  spec/models/announcement_spec.rb
@@ -4,19 +4,32 @@
4 4
 
5 5
 describe Announcement do
6 6
   it "should return the latest announcement when there are several" do
7  
-    old = Announcement.create!(:body => 'no fun', :created_at => 2.days.ago)
8  
-    latest = Announcement.create!(:body => 'fun', :created_at => 1.day.ago)
9  
-    older = Announcement.create!(:body => 'less fun', :created_at => 3.days.ago)
  7
+    old = create_announcement(:body => 'no fun', :created_at => 2.days.ago)
  8
+    latest = create_announcement(:body => 'fun', :created_at => 1.day.ago)
  9
+    older = create_announcement(:body => 'less fun', :created_at => 3.days.ago)
10 10
 
11 11
     Announcement.current.should == latest
12 12
   end
13 13
 
14 14
   it "should return an existent announcement where there is no announcement" do
15  
-    Announcement.create!(:body => 'body')
  15
+    create_announcement(:body => 'body')
16 16
     Announcement.current.exists?.should == true
17 17
   end
18 18
 
19 19
   it "should return a non-existent announcement where there is no announcement" do
20 20
     Announcement.current.exists?.should be_false
21 21
   end
  22
+
  23
+  it 'can always assign straight to the body' do
  24
+    Announcement.create!(:body => 'hello').body.should == 'hello'
  25
+  end
  26
+
  27
+  def create_announcement(attributes)
  28
+    announcement = Announcement.new
  29
+    attributes.each do |key, value|
  30
+      announcement.send("#{key}=", value)
  31
+    end
  32
+    announcement.save!
  33
+    announcement
  34
+  end
22 35
 end

0 notes on commit 3a986d5

Please sign in to comment.
Something went wrong with that request. Please try again.