mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
added failing tests for has_many, has_one and belongs_to associations with strict mass assignment sanitizer, fixed build_record to not merge creation_attributes, removed failing nested attributes tests (that feature was broken anyway) #4051
This commit is contained in:
parent
618cb44291
commit
1ad0a5363b
4 changed files with 66 additions and 13 deletions
|
@ -230,13 +230,8 @@ module ActiveRecord
|
|||
end
|
||||
|
||||
def build_record(attributes, options)
|
||||
attributes = (attributes || {}).reverse_merge(creation_attributes)
|
||||
|
||||
reflection.build_association(attributes, options) do |record|
|
||||
record.assign_attributes(
|
||||
create_scope.except(*record.changed),
|
||||
:without_protection => true
|
||||
)
|
||||
record.assign_attributes(create_scope.except(*record.changed), :without_protection => true)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -50,6 +50,13 @@ module MassAssignmentTestHelpers
|
|||
assert_equal 'm', person.gender
|
||||
assert_equal 'rides a sweet bike', person.comments
|
||||
end
|
||||
|
||||
def with_strict_sanitizer
|
||||
ActiveRecord::Base.mass_assignment_sanitizer = :strict
|
||||
yield
|
||||
ensure
|
||||
ActiveRecord::Base.mass_assignment_sanitizer = :logger
|
||||
end
|
||||
end
|
||||
|
||||
module MassAssignmentRelationTestHelpers
|
||||
|
@ -323,6 +330,13 @@ class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_has_one_build_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.build_best_friend(attributes_hash.except(:id, :comments))
|
||||
assert_equal @person.id, best_friend.best_friend_id
|
||||
end
|
||||
end
|
||||
|
||||
# create
|
||||
|
||||
def test_has_one_create_with_attr_protected_attributes
|
||||
|
@ -350,6 +364,13 @@ class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_has_one_create_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.create_best_friend(attributes_hash.except(:id, :comments))
|
||||
assert_equal @person.id, best_friend.best_friend_id
|
||||
end
|
||||
end
|
||||
|
||||
# create!
|
||||
|
||||
def test_has_one_create_with_bang_with_attr_protected_attributes
|
||||
|
@ -377,6 +398,13 @@ class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_has_one_create_with_bang_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.create_best_friend!(attributes_hash.except(:id, :comments))
|
||||
assert_equal @person.id, best_friend.best_friend_id
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
@ -438,6 +466,13 @@ class MassAssignmentSecurityBelongsToRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_belongs_to_create_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.create_best_friend_of(attributes_hash.except(:id, :comments))
|
||||
assert_equal best_friend.id, @person.best_friend_of_id
|
||||
end
|
||||
end
|
||||
|
||||
# create!
|
||||
|
||||
def test_belongs_to_create_with_bang_with_attr_protected_attributes
|
||||
|
@ -465,6 +500,13 @@ class MassAssignmentSecurityBelongsToRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_belongs_to_create_with_bang_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.create_best_friend_of!(attributes_hash.except(:id, :comments))
|
||||
assert_equal best_friend.id, @person.best_friend_of_id
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
@ -499,6 +541,13 @@ class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_has_many_build_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.best_friends.build(attributes_hash.except(:id, :comments))
|
||||
assert_equal @person.id, best_friend.best_friend_id
|
||||
end
|
||||
end
|
||||
|
||||
# create
|
||||
|
||||
def test_has_many_create_with_attr_protected_attributes
|
||||
|
@ -526,6 +575,13 @@ class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_has_many_create_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.best_friends.create(attributes_hash.except(:id, :comments))
|
||||
assert_equal @person.id, best_friend.best_friend_id
|
||||
end
|
||||
end
|
||||
|
||||
# create!
|
||||
|
||||
def test_has_many_create_with_bang_with_attr_protected_attributes
|
||||
|
@ -553,6 +609,13 @@ class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase
|
|||
assert_all_attributes(best_friend)
|
||||
end
|
||||
|
||||
def test_has_many_create_with_bang_with_strict_sanitizer
|
||||
with_strict_sanitizer do
|
||||
best_friend = @person.best_friends.create!(attributes_hash.except(:id, :comments))
|
||||
assert_equal @person.id, best_friend.best_friend_id
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
|
|
@ -617,11 +617,6 @@ module NestedAttributesOnACollectionAssociationTests
|
|||
assert_equal ['Grace OMalley', 'Privateers Greed'], [@child_1.name, @child_2.name]
|
||||
end
|
||||
|
||||
def test_should_take_a_hash_with_owner_attributes_and_assign_the_attributes_to_the_associated_model
|
||||
@pirate.birds.create :name => 'bird', :pirate_attributes => {:id => @pirate.id.to_s, :catchphrase => 'Holla!'}
|
||||
assert_equal 'Holla!', @pirate.reload.catchphrase
|
||||
end
|
||||
|
||||
def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record
|
||||
assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find #{@child_1.class.name} with ID=1234567890 for Pirate with ID=#{@pirate.id}" do
|
||||
@pirate.attributes = { association_getter => [{ :id => 1234567890 }] }
|
||||
|
|
|
@ -54,7 +54,7 @@ class LoosePerson < ActiveRecord::Base
|
|||
self.table_name = 'people'
|
||||
self.abstract_class = true
|
||||
|
||||
attr_protected :comments
|
||||
attr_protected :comments, :best_friend_id, :best_friend_of_id
|
||||
attr_protected :as => :admin
|
||||
|
||||
has_one :best_friend, :class_name => 'LoosePerson', :foreign_key => :best_friend_id
|
||||
|
|
Loading…
Reference in a new issue