rails--rails/activemodel/test/cases/forbidden_attributes_protection_test.rb

require 'cases/helper'
require 'active_support/core_ext/hash/indifferent_access'
require 'models/account'

class ProtectedParams
  attr_accessor :permitted
  alias :permitted? :permitted

  delegate :keys, :key?, :has_key?, :empty?, to: :@parameters

  def initialize(attributes)
    @parameters = attributes
    @permitted = false
  end

  def permit!
    @permitted = true
    self
  end

  def to_h
    @parameters
  end
end

class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase
  test "forbidden attributes cannot be used for mass updating" do
    params = ProtectedParams.new({ "a" => "b" })
    assert_raises(ActiveModel::ForbiddenAttributesError) do
      Account.new.sanitize_for_mass_assignment(params)
    end
  end

  test "permitted attributes can be used for mass updating" do
    params = ProtectedParams.new({ "a" => "b" }).permit!
    assert_equal({ "a" => "b" }, Account.new.sanitize_for_mass_assignment(params))
  end

  test "regular attributes should still be allowed" do
     assert_equal({ a: "b" }, Account.new.sanitize_for_mass_assignment(a: "b"))
  end
end
Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-07-13 04:51:13 -04:00			`require 'cases/helper'`
Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`require 'active_support/core_ext/hash/indifferent_access'`
Remove MassAssignmentSecurity from ActiveModel This will be moved out to protected_attributes gem 2012-07-17 01:59:31 -04:00			`require 'models/account'`
Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-07-13 04:51:13 -04:00
Update and fix forbidden attributes tests Add AC::Parameters tests for WhereChain#not 2015-07-23 09:49:03 -04:00			`class ProtectedParams`
Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`attr_accessor :permitted`
			`alias :permitted? :permitted`

Update and fix forbidden attributes tests Add AC::Parameters tests for WhereChain#not 2015-07-23 09:49:03 -04:00			`delegate :keys, :key?, :has_key?, :empty?, to: :@parameters`

Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`def initialize(attributes)`
Update and fix forbidden attributes tests Add AC::Parameters tests for WhereChain#not 2015-07-23 09:49:03 -04:00			`@parameters = attributes`
Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`@permitted = false`
			`end`

			`def permit!`
			`@permitted = true`
			`self`
			`end`
Update and fix forbidden attributes tests Add AC::Parameters tests for WhereChain#not 2015-07-23 09:49:03 -04:00
			`def to_h`
			`@parameters`
			`end`
Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`end`

Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-07-13 04:51:13 -04:00			`class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase`
			`test "forbidden attributes cannot be used for mass updating" do`
Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`params = ProtectedParams.new({ "a" => "b" })`
Rename ForbiddenAttributes exception to ForbiddenAttributesError 2012-08-13 01:41:04 -04:00			`assert_raises(ActiveModel::ForbiddenAttributesError) do`
Remove MassAssignmentSecurity from ActiveModel This will be moved out to protected_attributes gem 2012-07-17 01:59:31 -04:00			`Account.new.sanitize_for_mass_assignment(params)`
Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-07-13 04:51:13 -04:00			`end`
			`end`

			`test "permitted attributes can be used for mass updating" do`
Change AMo::ForbiddenAttributesProtection tests to use a subclass of Hash instead of monkey patch permitted? method in regular hashes 2012-07-18 02:37:03 -04:00			`params = ProtectedParams.new({ "a" => "b" }).permit!`
Don't use assert_nothing_raised when assert_equal is used 2012-08-29 10:54:27 -04:00			`assert_equal({ "a" => "b" }, Account.new.sanitize_for_mass_assignment(params))`
Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-07-13 04:51:13 -04:00			`end`

			`test "regular attributes should still be allowed" do`
Don't use assert_nothing_raised when assert_equal is used 2012-08-29 10:54:27 -04:00			`assert_equal({ a: "b" }, Account.new.sanitize_for_mass_assignment(a: "b"))`
Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-07-13 04:51:13 -04:00			`end`
			`end`