2017-07-24 16:20:53 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
require "abstract_unit"
|
|
|
|
require "action_controller/metal/strong_parameters"
|
2012-07-12 01:50:42 -04:00
|
|
|
|
2016-03-13 03:36:08 -04:00
|
|
|
class NestedParametersPermitTest < ActiveSupport::TestCase
|
2013-01-20 11:59:53 -05:00
|
|
|
def assert_filtered_out(params, key)
|
|
|
|
assert !params.has_key?(key), "key #{key.inspect} has not been filtered out"
|
|
|
|
end
|
|
|
|
|
2012-07-12 01:50:42 -04:00
|
|
|
test "permitted nested parameters" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2012-07-12 01:50:42 -04:00
|
|
|
title: "Romeo and Juliet",
|
|
|
|
authors: [{
|
|
|
|
name: "William Shakespeare",
|
|
|
|
born: "1564-04-26"
|
|
|
|
}, {
|
|
|
|
name: "Christopher Marlowe"
|
2013-01-20 11:59:53 -05:00
|
|
|
}, {
|
2013-01-22 07:40:33 -05:00
|
|
|
name: %w(malicious injected names)
|
2012-07-12 01:50:42 -04:00
|
|
|
}],
|
|
|
|
details: {
|
|
|
|
pages: 200,
|
|
|
|
genre: "Tragedy"
|
2012-10-11 22:50:20 -04:00
|
|
|
},
|
|
|
|
id: {
|
2016-08-06 12:54:50 -04:00
|
|
|
isbn: "x"
|
2012-07-12 01:50:42 -04:00
|
|
|
}
|
|
|
|
},
|
2016-08-06 13:44:11 -04:00
|
|
|
magazine: "Mjallo!")
|
2012-07-12 01:50:42 -04:00
|
|
|
|
2012-10-11 22:50:20 -04:00
|
|
|
permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages }, :id ]
|
2012-07-12 01:50:42 -04:00
|
|
|
|
2018-01-25 18:14:09 -05:00
|
|
|
assert_predicate permitted, :permitted?
|
2012-07-12 01:50:42 -04:00
|
|
|
assert_equal "Romeo and Juliet", permitted[:book][:title]
|
|
|
|
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
|
|
|
|
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
|
|
|
|
assert_equal 200, permitted[:book][:details][:pages]
|
2013-01-20 11:59:53 -05:00
|
|
|
|
|
|
|
assert_filtered_out permitted, :magazine
|
|
|
|
assert_filtered_out permitted[:book], :id
|
|
|
|
assert_filtered_out permitted[:book][:details], :genre
|
|
|
|
assert_filtered_out permitted[:book][:authors][0], :born
|
|
|
|
assert_filtered_out permitted[:book][:authors][2], :name
|
2012-07-12 01:50:42 -04:00
|
|
|
end
|
|
|
|
|
2012-11-30 11:24:16 -05:00
|
|
|
test "permitted nested parameters with a string or a symbol as a key" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2016-08-06 12:54:50 -04:00
|
|
|
"authors" => [
|
|
|
|
{ name: "William Shakespeare", born: "1564-04-26" },
|
|
|
|
{ name: "Christopher Marlowe" }
|
2012-11-30 11:24:16 -05:00
|
|
|
]
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2012-11-30 11:24:16 -05:00
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
permitted = params.permit book: [ { "authors" => [ :name ] } ]
|
2012-11-30 11:24:16 -05:00
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
assert_equal "William Shakespeare", permitted[:book]["authors"][0][:name]
|
|
|
|
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
|
|
|
|
assert_equal "Christopher Marlowe", permitted[:book]["authors"][1][:name]
|
|
|
|
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
|
2012-11-30 11:24:16 -05:00
|
|
|
|
|
|
|
permitted = params.permit book: [ { authors: [ :name ] } ]
|
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
assert_equal "William Shakespeare", permitted[:book]["authors"][0][:name]
|
|
|
|
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
|
|
|
|
assert_equal "Christopher Marlowe", permitted[:book]["authors"][1][:name]
|
|
|
|
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
|
2012-11-30 11:24:16 -05:00
|
|
|
end
|
|
|
|
|
2012-07-12 01:50:42 -04:00
|
|
|
test "nested arrays with strings" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2013-01-22 07:40:33 -05:00
|
|
|
genres: ["Tragedy"]
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2012-07-12 01:50:42 -04:00
|
|
|
|
2016-08-16 03:30:11 -04:00
|
|
|
permitted = params.permit book: { genres: [] }
|
2012-07-12 01:50:42 -04:00
|
|
|
assert_equal ["Tragedy"], permitted[:book][:genres]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "permit may specify symbols or strings" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2013-01-22 07:40:33 -05:00
|
|
|
title: "Romeo and Juliet",
|
|
|
|
author: "William Shakespeare"
|
2012-07-12 01:50:42 -04:00
|
|
|
},
|
2016-08-06 13:44:11 -04:00
|
|
|
magazine: "Shakespeare Today")
|
2012-07-12 01:50:42 -04:00
|
|
|
|
2016-08-16 03:30:11 -04:00
|
|
|
permitted = params.permit({ book: ["title", :author] }, "magazine")
|
2012-07-12 01:50:42 -04:00
|
|
|
assert_equal "Romeo and Juliet", permitted[:book][:title]
|
|
|
|
assert_equal "William Shakespeare", permitted[:book][:author]
|
|
|
|
assert_equal "Shakespeare Today", permitted[:magazine]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "nested array with strings that should be hashes" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2012-07-12 01:50:42 -04:00
|
|
|
genres: ["Tragedy"]
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2012-07-12 01:50:42 -04:00
|
|
|
|
|
|
|
permitted = params.permit book: { genres: :type }
|
|
|
|
assert_empty permitted[:book][:genres]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "nested array with strings that should be hashes and additional values" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2012-07-12 01:50:42 -04:00
|
|
|
title: "Romeo and Juliet",
|
|
|
|
genres: ["Tragedy"]
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2012-07-12 01:50:42 -04:00
|
|
|
|
|
|
|
permitted = params.permit book: [ :title, { genres: :type } ]
|
|
|
|
assert_equal "Romeo and Juliet", permitted[:book][:title]
|
|
|
|
assert_empty permitted[:book][:genres]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "nested string that should be a hash" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2012-07-12 01:50:42 -04:00
|
|
|
genre: "Tragedy"
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2012-07-12 01:50:42 -04:00
|
|
|
|
|
|
|
permitted = params.permit book: { genre: :type }
|
|
|
|
assert_nil permitted[:book][:genre]
|
|
|
|
end
|
2012-09-01 03:30:07 -04:00
|
|
|
|
|
|
|
test "fields_for-style nested params" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2013-01-22 07:40:33 -05:00
|
|
|
authors_attributes: {
|
2016-08-06 13:35:13 -04:00
|
|
|
'0': { name: "William Shakespeare", age_of_death: "52" },
|
|
|
|
'1': { name: "Unattributed Assistant" },
|
|
|
|
'2': { name: %w(injected names) }
|
2012-09-01 03:30:07 -04:00
|
|
|
}
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2013-01-22 07:40:33 -05:00
|
|
|
permitted = params.permit book: { authors_attributes: [ :name ] }
|
2012-09-01 03:30:07 -04:00
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
assert_not_nil permitted[:book][:authors_attributes]["0"]
|
|
|
|
assert_not_nil permitted[:book][:authors_attributes]["1"]
|
|
|
|
assert_empty permitted[:book][:authors_attributes]["2"]
|
|
|
|
assert_equal "William Shakespeare", permitted[:book][:authors_attributes]["0"][:name]
|
|
|
|
assert_equal "Unattributed Assistant", permitted[:book][:authors_attributes]["1"][:name]
|
2013-01-20 11:59:53 -05:00
|
|
|
|
2017-01-16 08:08:48 -05:00
|
|
|
assert_equal(
|
2017-01-17 22:10:14 -05:00
|
|
|
{ "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare" }, "1" => { "name" => "Unattributed Assistant" }, "2" => {} } } },
|
2017-01-16 08:08:48 -05:00
|
|
|
permitted.to_h
|
|
|
|
)
|
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
assert_filtered_out permitted[:book][:authors_attributes]["0"], :age_of_death
|
2013-01-20 11:59:53 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
test "fields_for-style nested params with negative numbers" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
book: {
|
2013-01-22 07:40:33 -05:00
|
|
|
authors_attributes: {
|
2016-08-06 13:35:13 -04:00
|
|
|
'-1': { name: "William Shakespeare", age_of_death: "52" },
|
|
|
|
'-2': { name: "Unattributed Assistant" }
|
2013-01-20 11:59:53 -05:00
|
|
|
}
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2013-01-22 07:40:33 -05:00
|
|
|
permitted = params.permit book: { authors_attributes: [:name] }
|
2013-01-20 11:59:53 -05:00
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
assert_not_nil permitted[:book][:authors_attributes]["-1"]
|
|
|
|
assert_not_nil permitted[:book][:authors_attributes]["-2"]
|
|
|
|
assert_equal "William Shakespeare", permitted[:book][:authors_attributes]["-1"][:name]
|
|
|
|
assert_equal "Unattributed Assistant", permitted[:book][:authors_attributes]["-2"][:name]
|
2013-01-20 11:59:53 -05:00
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
assert_filtered_out permitted[:book][:authors_attributes]["-1"], :age_of_death
|
2012-09-01 03:30:07 -04:00
|
|
|
end
|
2013-09-22 10:57:21 -04:00
|
|
|
|
|
|
|
test "nested number as key" do
|
2016-08-09 17:36:39 -04:00
|
|
|
params = ActionController::Parameters.new(
|
|
|
|
product: {
|
2013-09-22 10:57:21 -04:00
|
|
|
properties: {
|
2016-08-06 12:54:50 -04:00
|
|
|
"0" => "prop0",
|
|
|
|
"1" => "prop1"
|
2013-09-22 10:57:21 -04:00
|
|
|
}
|
2016-08-06 13:44:11 -04:00
|
|
|
})
|
2016-08-06 13:35:13 -04:00
|
|
|
params = params.require(:product).permit(properties: ["0"])
|
2013-09-22 10:57:21 -04:00
|
|
|
assert_not_nil params[:properties]["0"]
|
|
|
|
assert_nil params[:properties]["1"]
|
|
|
|
assert_equal "prop0", params[:properties]["0"]
|
|
|
|
end
|
2012-07-12 01:50:42 -04:00
|
|
|
end
|