Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

file 186 lines (160 sloc) 7.047 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186
require 'minitest_helper'

describe TrustedKeys do
  let(:controller) do
    Class.new do
      include TrustedKeys

      def params
        { "email" => "anders@email.com",
          :time => { "start_time(1i)"=>"2012",
                     "start_time(2i)"=>"3",
                     "start_time(3i)"=>"14" },
          :event => {
            :password => "secret",
            :collection_attributes => [ { "one" => "ok 1",
                                          "two" => "remove me"},
                                        { "one" => "ok 2",
                                          "two" => "remove me 2"} ],
            :nested_attributes => {
              "0" => { "_destroy"=>"false",
                        "start"=>"2012" },
              "new_1331711737056" => { "_destroy"=>"false",
                                        "start"=>"2012" } } },
          "survey"=> {
            "name"=>"survery 1",
            "questions_attributes"=>
              { "0"=>{"_destroy"=>"1",
                      "content"=>"question2",
                      "dddd" => "xxxx",
                      "id" => "1",
                      "answers_attributes"=>{
                        "0"=>{"content"=>"answer1","_destroy"=>"","dd" => "x"},
                        "1"=>{"content"=>"answer 2","_destroy"=>"1","id"=>"2"}
                       }},
                "1"=>{"_destroy"=>"1",
                      "content"=>"",
                      "answers_attributes"=>{
                        "1"=>{"content"=>"", "_destroy"=>""}}}}},

          :controller => "events",
          :password => "secret",
          :post => { :body => "I am a body",
                       :title => "This is my title",
                       :comments => { 'body' => 'My body',
                                       :email => "an email",
                                       :author => { :name => "anders" } } } }
      end
    end
  end

  let(:env) { OpenStruct.new(:test? => false, :development? => false) }

  describe ".trust" do
    describe "datetime selects" do
      it "return all datetime attributes" do
        controller.trust :start_time, :for => :time, :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "start_time(1i)"=>"2012",
                      "start_time(2i)"=>"3",
                      "start_time(3i)"=>"14" }
        trusted_attributes.must_equal(expected)
      end
    end

    describe "hashes inside a collection" do
      it "returns trusted attributes" do
        controller.trust :collection_attributes, "password", :for => :event,
                                                             :env => env
        controller.trust :one, :for => 'event.collection_attributes',
                               :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "password" => "secret",
                     "collection_attributes" => [{ "one" => "ok 1" },
                                                 { "one" => "ok 2" }] }
        trusted_attributes.must_equal(expected)
      end
    end

    context "nested attributes" do
      it "returns nested hash" do
        controller.trust :questions_attributes, :name, :for => :survey,
                                                       :env => env
        controller.trust "answers_attributes", "content",
                         :for => 'survey.questions_attributes', :env => env

        controller.trust "content",
          :for => 'survey.questions_attributes.answers_attributes', :env => env

        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = {
          "name"=>"survery 1",
          "questions_attributes"=>
            { "0"=>{"_destroy"=>"1",
                    "content"=>"question2",
                    "id" => "1",
                    "answers_attributes"=>{
                    "0"=>{"content"=>"answer1", "_destroy"=>""},
                    "1"=>{"content"=>"answer 2", "_destroy"=>"1", "id"=>"2"}}},
            "1"=>{"_destroy"=>"1",
                  "content"=>"",
                  "answers_attributes"=>{
                    "1"=>{"content"=>"", "_destroy"=>""}}}}}

        trusted_attributes.must_equal(expected)
      end

      it "returns nested hash" do
        controller.trust :nested_attributes, :for => :event, :env => env
        controller.trust "start", :for => 'event.nested_attributes', :env => env

        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "nested_attributes" => {
                        "0" => { "_destroy"=>"false",
                                   "start"=>"2012" },
                        "new_1331711737056" => { "_destroy"=>"false",
                                                  "start"=>"2012" } } }
        trusted_attributes.must_equal(expected)
      end
    end

    context "no trusted keys" do
      it "raises an exception" do
        proc {
          controller.new.send(:trusted_attributes)
        }.must_raise TrustedKeys::Error::Usage
      end
    end

    context "0 level" do
      it "returns trusted keys" do
        controller.trust :email , :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)
        trusted_attributes.must_equal("email" => "anders@email.com")
      end
    end

    context "1 level" do
      it "returns trusted keys" do
        controller.trust :body, :for => :post, :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "body" => "I am a body" }
        trusted_attributes.must_equal(expected)
      end

      it "returns trusted keys" do
        controller.trust :body, :title, :comments, :for => :post, :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "body" => "I am a body",
                     "title" => "This is my title",
                     "comments" => "" }
        trusted_attributes.must_equal(expected)
      end
    end

    context "2 levels" do
      it "returns trusted keys" do
        controller.trust :body, :comments, :for => :post, :env => env
        controller.trust :author, :for => 'post.comments', :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "body" => "I am a body",
                     "comments" => { "author" => "" } }
        trusted_attributes.must_equal(expected)
      end
    end

    context "3 levels" do
      it "returns trusted keys" do
        controller.trust :body, :comments, :for => :post, :env => env
        controller.trust :author, :for => 'post.comments', :env => env
        controller.trust :name, :for => 'post.comments.author', :env => env
        trusted_attributes = controller.new.send(:trusted_attributes)

        expected = { "body" => "I am a body",
                     "comments" => { "author" => { "name" => "anders" } } }
        trusted_attributes.must_equal(expected)
      end
    end
  end
end
Something went wrong with that request. Please try again.