kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/actionpack/test/controller/parameters/nested_parameters_permit_test.rb

280 lines
9.7 KiB
Ruby
Raw Normal View History

Use frozen string literal in actionpack/
2017-07-24 16:20:53 -04:00
# frozen_string_literal: true
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
require "abstract_unit"
require "action_controller/metal/strong_parameters"
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
- Renamed NestedParametersTest to NestedParametersPermitTest, to indicate what we are actually testing in this file
2016-03-13 03:36:08 -04:00
class NestedParametersPermitTest < ActiveSupport::TestCase
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
def assert_filtered_out(params, key)
Fix `CustomCops/AssertNot` to allow it to have failure message Follow up of #32605.
2018-05-12 22:26:10 -04:00
assert_not params.has_key?(key), "key #{key.inspect} has not been filtered out"
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
end
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
test "permitted nested parameters" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
title: "Romeo and Juliet",
authors: [{
name: "William Shakespeare",
born: "1564-04-26"
}, {
name: "Christopher Marlowe"
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
}, {
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
name: %w(malicious injected names)
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
}],
details: {
pages: 200,
genre: "Tragedy"
When executing permit with just a key that points to a hash, DO NOT allow all the hash params.require(:person).permit(:projects_attributes) was returning => {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}} When should return => {} You should be doing ... params.require(:person).permit(projects_attributes: :name) to get just the projects attributes you want to allow
2012-10-11 22:50:20 -04:00
},
id: {
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
isbn: "x"
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
}
},
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
magazine: "Mjallo!")
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
When executing permit with just a key that points to a hash, DO NOT allow all the hash params.require(:person).permit(:projects_attributes) was returning => {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}} When should return => {} You should be doing ... params.require(:person).permit(projects_attributes: :name) to get just the projects attributes you want to allow
2012-10-11 22:50:20 -04:00
permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages }, :id ]
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
Use assert_predicate and assert_not_predicate
2018-01-25 18:14:09 -05:00
assert_predicate permitted, :permitted?
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
assert_equal "Romeo and Juliet", permitted[:book][:title]
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
assert_equal 200, permitted[:book][:details][:pages]
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
assert_filtered_out permitted, :magazine
assert_filtered_out permitted[:book], :id
assert_filtered_out permitted[:book][:details], :genre
assert_filtered_out permitted[:book][:authors][0], :born
assert_filtered_out permitted[:book][:authors][2], :name
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
end
hash filters should be accessed with symbols or strings
2012-11-30 11:24:16 -05:00
test "permitted nested parameters with a string or a symbol as a key" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
"authors" => [
{ name: "William Shakespeare", born: "1564-04-26" },
{ name: "Christopher Marlowe" }
hash filters should be accessed with symbols or strings
2012-11-30 11:24:16 -05:00
]
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
hash filters should be accessed with symbols or strings
2012-11-30 11:24:16 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
permitted = params.permit book: [ { "authors" => [ :name ] } ]
hash filters should be accessed with symbols or strings
2012-11-30 11:24:16 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "William Shakespeare", permitted[:book]["authors"][0][:name]
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
assert_equal "Christopher Marlowe", permitted[:book]["authors"][1][:name]
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
hash filters should be accessed with symbols or strings
2012-11-30 11:24:16 -05:00
permitted = params.permit book: [ { authors: [ :name ] } ]
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "William Shakespeare", permitted[:book]["authors"][0][:name]
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
assert_equal "Christopher Marlowe", permitted[:book]["authors"][1][:name]
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
hash filters should be accessed with symbols or strings
2012-11-30 11:24:16 -05:00
end
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
test "nested arrays with strings" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
genres: ["Tragedy"]
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
Add three new rubocop rules Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
2016-08-16 03:30:11 -04:00
permitted = params.permit book: { genres: [] }
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
assert_equal ["Tragedy"], permitted[:book][:genres]
end
test "permit may specify symbols or strings" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
title: "Romeo and Juliet",
author: "William Shakespeare"
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
},
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
magazine: "Shakespeare Today")
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
Add three new rubocop rules Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
2016-08-16 03:30:11 -04:00
permitted = params.permit({ book: ["title", :author] }, "magazine")
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
assert_equal "Romeo and Juliet", permitted[:book][:title]
assert_equal "William Shakespeare", permitted[:book][:author]
assert_equal "Shakespeare Today", permitted[:magazine]
end
test "nested array with strings that should be hashes" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
genres: ["Tragedy"]
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
permitted = params.permit book: { genres: :type }
assert_empty permitted[:book][:genres]
end
test "nested array with strings that should be hashes and additional values" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
title: "Romeo and Juliet",
genres: ["Tragedy"]
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
permitted = params.permit book: [ :title, { genres: :type } ]
assert_equal "Romeo and Juliet", permitted[:book][:title]
assert_empty permitted[:book][:genres]
end
test "nested string that should be a hash" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
genre: "Tragedy"
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
permitted = params.permit book: { genre: :type }
assert_nil permitted[:book][:genre]
end
Support fields_for attributes, which may have numeric symbols as hash keys
2012-09-01 03:30:07 -04:00
fixed usage of Parameters when a non-numeric key exists test for non-numeric key in nested attributes test: extra blank line between tests removed test for non-numeric key fixed (by Daniel) Update according to feedback
2017-08-01 14:02:41 -04:00
test "nested params with numeric keys" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
authors_attributes: {
modernizes hash syntax in actionpack
2016-08-06 13:35:13 -04:00
'0': { name: "William Shakespeare", age_of_death: "52" },
'1': { name: "Unattributed Assistant" },
'2': { name: %w(injected names) }
Support fields_for attributes, which may have numeric symbols as hash keys
2012-09-01 03:30:07 -04:00
}
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
permitted = params.permit book: { authors_attributes: [ :name ] }
Support fields_for attributes, which may have numeric symbols as hash keys
2012-09-01 03:30:07 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_not_nil permitted[:book][:authors_attributes]["0"]
assert_not_nil permitted[:book][:authors_attributes]["1"]
assert_empty permitted[:book][:authors_attributes]["2"]
assert_equal "William Shakespeare", permitted[:book][:authors_attributes]["0"][:name]
assert_equal "Unattributed Assistant", permitted[:book][:authors_attributes]["1"][:name]
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
Added test to ensure that we dont break #to_h again when trying to restore the speed-up from 26dd9b26ab7317f94fd285245879e888344143b2 (cc: @fxn)
2017-01-16 08:08:48 -05:00
assert_equal(
Fix all rubocop violations
2017-01-17 22:10:14 -05:00
{ "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare" }, "1" => { "name" => "Unattributed Assistant" }, "2" => {} } } },
Added test to ensure that we dont break #to_h again when trying to restore the speed-up from 26dd9b26ab7317f94fd285245879e888344143b2 (cc: @fxn)
2017-01-16 08:08:48 -05:00
permitted.to_h
)
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_filtered_out permitted[:book][:authors_attributes]["0"], :age_of_death
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
end
fixed usage of Parameters when a non-numeric key exists test for non-numeric key in nested attributes test: extra blank line between tests removed test for non-numeric key fixed (by Daniel) Update according to feedback
2017-08-01 14:02:41 -04:00
test "nested params with non_numeric keys" do
params = ActionController::Parameters.new(
book: {
authors_attributes: {
'0': { name: "William Shakespeare", age_of_death: "52" },
'1': { name: "Unattributed Assistant" },
'2': "Not a hash",
'new_record': { name: "Some name" }
}
})
permitted = params.permit book: { authors_attributes: [ :name ] }
assert_not_nil permitted[:book][:authors_attributes]["0"]
assert_not_nil permitted[:book][:authors_attributes]["1"]
assert_nil permitted[:book][:authors_attributes]["2"]
assert_nil permitted[:book][:authors_attributes]["new_record"]
assert_equal "William Shakespeare", permitted[:book][:authors_attributes]["0"][:name]
assert_equal "Unattributed Assistant", permitted[:book][:authors_attributes]["1"][:name]
assert_equal(
{ "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare" }, "1" => { "name" => "Unattributed Assistant" } } } },
permitted.to_h
)
end
test "nested params with negative numeric keys" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
book: {
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
authors_attributes: {
modernizes hash syntax in actionpack
2016-08-06 13:35:13 -04:00
'-1': { name: "William Shakespeare", age_of_death: "52" },
'-2': { name: "Unattributed Assistant" }
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
}
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
Lets kepp using Ruby 1.9 syntax
2013-01-22 07:40:33 -05:00
permitted = params.permit book: { authors_attributes: [:name] }
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_not_nil permitted[:book][:authors_attributes]["-1"]
assert_not_nil permitted[:book][:authors_attributes]["-2"]
assert_equal "William Shakespeare", permitted[:book][:authors_attributes]["-1"][:name]
assert_equal "Unattributed Assistant", permitted[:book][:authors_attributes]["-2"][:name]
strong parameters filters permitted scalars
2013-01-20 11:59:53 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_filtered_out permitted[:book][:authors_attributes]["-1"], :age_of_death
Support fields_for attributes, which may have numeric symbols as hash keys
2012-09-01 03:30:07 -04:00
end
Strong parameters should permit nested number as key. Closes #12293
2013-09-22 10:57:21 -04:00
Allow permitting numeric params When specifying numeric parameters, strong params lets you permit them all using the same permitted params for each. For example params like, ```ruby book: { authors_attributes: { '0': { name: "William Shakespeare", age_of_death: "52" }, '1': { name: "Unattributed Assistant" }, '2': "Not a hash", 'new_record': { name: "Some name" } } } ``` can be permitted with, ``` permit book: { authors_attributes: [ :name ] } ``` This returns the name keys for each of the numeric keyed params that have a name field, ```ruby { "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare" }, "1" => { "name" => "Unattributed Assistant" } } } } ``` This is exactly what you want most of the time. Rarely you might need to specify different keys for particular numeric attributes. This allows another strong params syntax for those cases where you can specify the keys allowed for each individual numerically keys attributes hash. After this change using the same params above, you can permit the name and age for only the `0` key and only the name for the `1` key, ```ruby permit book: { authors_attributes: { '1': [ :name ], '0': [ :name, :age_of_death ] } } ``` This returns exactly the parameters that you specify, ```ruby { "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare", "age_of_death" => "52" }, "1" => { "name" => "Unattributed Assistant" } } } } ``` Sidenote: this allows `permit` to do the equivalent to ```ruby params.require(:book).permit(authors_attributes: { '1': [:name]}) ``` without raising when `book: ... ` is not present. The simpler syntax should be preferred, but in cases where you need more control, this is a nice option to have.
2021-06-15 17:08:16 -04:00
test "nested params with numeric keys addressing individual numeric keys" do
params = ActionController::Parameters.new(
book: {
authors_attributes: {
'0': { name: "William Shakespeare", age_of_death: "52" },
'1': { name: "Unattributed Assistant" },
'2': { name: %w(injected names) }
}
})
permitted = params.permit book: { authors_attributes: { '1': [ :name ], '0': [ :name, :age_of_death ] } }
assert_equal(
{ "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare", "age_of_death" => "52" }, "1" => { "name" => "Unattributed Assistant" } } } },
permitted.to_h
)
end
test "nested params with numeric keys addressing individual numeric keys using require first" do
params = ActionController::Parameters.new(
book: {
authors_attributes: {
'0': { name: "William Shakespeare", age_of_death: "52" },
'1': { name: "Unattributed Assistant" },
'2': { name: %w(injected names) }
}
})
permitted = params.require(:book).permit(authors_attributes: { '1': [:name] })
assert_equal(
{ "authors_attributes" => { "1" => { "name" => "Unattributed Assistant" } } },
permitted.to_h
)
end
test "nested params with numeric keys addressing individual numeric keys to arrays" do
params = ActionController::Parameters.new(
book: {
authors_attributes: {
'0': ["draft 1", "draft 2", "draft 3"],
'1': ["final draft"],
'2': { name: %w(injected names) }
}
})
permitted = params.permit book: { authors_attributes: { '2': [ :name ], '0': [] } }
assert_equal(
{ "book" => { "authors_attributes" => { "2" => {}, "0" => ["draft 1", "draft 2", "draft 3"] } } },
permitted.to_h
)
end
test "nested params with numeric keys addressing individual numeric keys to more nested params" do
params = ActionController::Parameters.new(
book: {
authors_attributes: {
'0': ["draft 1", "draft 2", "draft 3"],
'1': ["final draft"],
'2': { name: { "projects" => [ "hamlet", "Othello" ] } }
}
})
permitted = params.permit book: { authors_attributes: { '2': { name: { projects: [] } }, '0': [] } }
assert_equal(
{ "book" => { "authors_attributes" => { "2" => { "name" => { "projects" => ["hamlet", "Othello"] } }, "0" => ["draft 1", "draft 2", "draft 3"] } } },
permitted.to_h
)
end
Strong parameters should permit nested number as key. Closes #12293
2013-09-22 10:57:21 -04:00
test "nested number as key" do
Fix broken alignments caused by auto-correct commit 411ccbd Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
2016-08-09 17:36:39 -04:00
params = ActionController::Parameters.new(
product: {
Strong parameters should permit nested number as key. Closes #12293
2013-09-22 10:57:21 -04:00
properties: {
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
"0" => "prop0",
"1" => "prop1"
Strong parameters should permit nested number as key. Closes #12293
2013-09-22 10:57:21 -04:00
}
remove redundant curlies from hash arguments
2016-08-06 13:44:11 -04:00
})
modernizes hash syntax in actionpack
2016-08-06 13:35:13 -04:00
params = params.require(:product).permit(properties: ["0"])
Strong parameters should permit nested number as key. Closes #12293
2013-09-22 10:57:21 -04:00
assert_not_nil params[:properties]["0"]
assert_nil params[:properties]["1"]
assert_equal "prop0", params[:properties]["0"]
end
Integrate ActionController::Parameters from StrongParameters gem
2012-07-12 01:50:42 -04:00
end
Copy permalink