/
allow_mass_assignment_of_matcher.rb
113 lines (96 loc) · 3.06 KB
/
allow_mass_assignment_of_matcher.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
module Shoulda # :nodoc:
module Matchers
module ActiveModel # :nodoc:
# Ensures that the attribute can be set on mass update.
#
# it { should_not allow_mass_assignment_of(:password) }
# it { should allow_mass_assignment_of(:first_name) }
#
# In Rails 3.1 you can check role as well:
#
# it { should allow_mass_assignment_of(:first_name).as(:admin) }
#
def allow_mass_assignment_of(value)
AllowMassAssignmentOfMatcher.new(value)
end
class AllowMassAssignmentOfMatcher # :nodoc:
attr_reader :failure_message_for_should, :failure_message_for_should_not
def initialize(attribute)
@attribute = attribute.to_s
@options = {}
end
def as(role)
if active_model_less_than_3_1?
raise 'You can specify role only in Rails 3.1 or greater'
end
@options[:role] = role
self
end
def matches?(subject)
@subject = subject
if attr_mass_assignable?
if whitelisting?
@failure_message_for_should_not = "#{@attribute} was made accessible"
else
if protected_attributes.empty?
@failure_message_for_should_not = 'no attributes were protected'
else
@failure_message_for_should_not = "#{class_name} is protecting " <<
"#{protected_attributes.to_a.to_sentence}, " <<
"but not #{@attribute}."
end
end
true
else
if whitelisting?
@failure_message_for_should = "Expected #{@attribute} to be accessible"
else
@failure_message_for_should = "Did not expect #{@attribute} to be protected"
end
false
end
end
def description
[base_description, role_description].compact.join(' ')
end
private
def base_description
"allow mass assignment of #{@attribute}"
end
def role_description
if role != :default
"as #{role}"
end
end
def role
@options[:role] || :default
end
def protected_attributes
@protected_attributes ||= (@subject.class.protected_attributes || [])
end
def accessible_attributes
@accessible_attributes ||= (@subject.class.accessible_attributes || [])
end
def whitelisting?
authorizer.kind_of?(::ActiveModel::MassAssignmentSecurity::WhiteList)
end
def attr_mass_assignable?
!authorizer.deny?(@attribute)
end
def authorizer
if active_model_less_than_3_1?
@subject.class.active_authorizer
else
@subject.class.active_authorizer[role]
end
end
def class_name
@subject.class.name
end
def active_model_less_than_3_1?
::ActiveModel::VERSION::STRING.to_f < 3.1
end
end
end
end
end