When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515

CHANGELOG.rdoc

@@ -1,3 +1,7 @@
+== 3.0.1
+* bug fix
+  * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne)
+
 == 3.0.0
 
 * enhancements

Gemfile.lock

@@ -12,7 +12,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (3.0.0.rc)
+    devise (3.0.0)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)

lib/generators/devise/orm_helpers.rb

@@ -2,7 +2,7 @@ module Devise
   module Generators
     module OrmHelpers
       def model_contents
-<<-CONTENT
+        buffer = <<-CONTENT
   # Include default devise modules. Others available are:
   # :token_authenticatable, :confirmable,
   # :lockable, :timeoutable and :omniauthable
@@ -10,6 +10,32 @@ module Devise
          :recoverable, :rememberable, :trackable, :validatable
 
 CONTENT
+        buffer += <<-CONTENT if needs_attr_accessible?
+  # Setup accessible (or protected) attributes for your model
+  attr_accessible :email, :password, :password_confirmation, :remember_me
+
+CONTENT
+        buffer
+      end
+
+      def needs_attr_accessible?
+        if rails_3?
+          !strong_parameters_enabled?
+        else
+          protected_attributes_enabled?
+        end
+      end
+
+      def rails_3?
+        Rails::VERSION::MAJOR == 3
+      end
+
+      def strong_parameters_enabled?
+        defined?(ActionController::StrongParameters)
+      end
+
+      def protected_attributes_enabled?
+        defined?(ActiveModel::MassAssignmentSecurity)
       end
 
       def model_exists?
@@ -29,4 +55,4 @@ CONTENT
       end
     end
   end
-end
+end

test/generators/active_record_generator_test.rb

@@ -62,11 +62,55 @@ if DEVISE_ORM == :active_record
     destination File.expand_path("../../tmp", __FILE__)
     setup :prepare_destination
 
-    test "all files are properly created" do
+    test "all files are properly created in rails 4.0 without the protected_attributes gem" do
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false)
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:protected_attributes_enabled?).returns(false)
       simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
         run_generator ["monster"]
 
         assert_file "app/models/rails_engine/monster.rb", /devise/
+        assert_file "app/models/rails_engine/monster.rb" do |content|
+          assert_no_match /attr_accessible :email/, content
+        end
+      end
+    end
+
+    test "all files are properly created in rails 4.0 when the protected_attributes gem is installed" do
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false)
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:protected_attributes_enabled?).returns(true)
+      simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
+        run_generator ["monster"]
+
+        assert_file "app/models/rails_engine/monster.rb", /devise/
+        assert_file "app/models/rails_engine/monster.rb" do |content|
+          assert_match /attr_accessible :email/, content
+        end
+      end
+    end
+
+    test "all files are properly created in rails 3.2 when strong_parameters gem is not installed" do
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true)
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(false)
+      simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
+        run_generator ["monster"]
+
+        assert_file "app/models/rails_engine/monster.rb", /devise/
+        assert_file "app/models/rails_engine/monster.rb" do |content|
+          assert_match /attr_accessible :email/, content
+        end
+      end
+    end
+
+    test "all files are properly created in rails 3.2 when strong_parameters gem is installed" do
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true)
+      ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(true)
+      simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
+        run_generator ["monster"]
+
+        assert_file "app/models/rails_engine/monster.rb", /devise/
+        assert_file "app/models/rails_engine/monster.rb" do |content|
+          assert_no_match /attr_accessible :email/, content
+        end
       end
     end
   end