mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Ensure that AR::Relation#exists? allows only permitted params
Clarify changelog entry. Related to #34891.
parent
2dee59fed1
commit
6410c70f7c
3 changed files with 17 additions and 7 deletions
|
@ -4,7 +4,7 @@
|
|||
|
||||
*Laerti Papa*
|
||||
|
||||
* Allow `ActionController::Params` as argument of `ActiveRecord::Base#exists?`.
|
||||
* Allow permitted instance of `ActionController::Parameters` as argument of `ActiveRecord::Relation#exists?`.
|
||||
|
||||
*Gannon McGibbon*
|
||||
|
||||
|
|
|
@ -226,11 +226,15 @@ class FinderTest < ActiveRecord::TestCase
|
|||
end
|
||||
|
||||
def test_exists_with_strong_parameters
|
||||
assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo"))
|
||||
assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo").permit!)
|
||||
|
||||
Subscriber.create!(nick: "foo")
|
||||
|
||||
assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo"))
|
||||
assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo").permit!)
|
||||
|
||||
assert_raises(ActiveModel::ForbiddenAttributesError) do
|
||||
Subscriber.exists?(Parameters.new(nick: "foo"))
|
||||
end
|
||||
end
|
||||
|
||||
def test_exists_passing_active_record_object_is_not_permitted
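Review bot: The `assert_raises(ActiveModel::ForbiddenAttributesError)` block in `test_exists_with_strong_parameters` runs only after `Subscriber.create!(nick: "foo")`, so the rejection of unpermitted parameters is never checked while no matching row exists. A regression there would also be reported under the same test name as the permitted cases. I would move it into its own test, for example `def test_exists_with_unpermitted_strong_parameters_raises`, and run it before any record is created, so the failure points straight at the permission check. The test covers a single flat key only; whether nested or array values take the same path is not visible from this hunk and may deserve a case of its own.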
|
||||
|
|
|
@ -3,10 +3,16 @@
|
|||
class Parameters
|
||||
def initialize(parameters = {})
|
||||
@parameters = parameters.with_indifferent_access
|
||||
@permitted = false
|
||||
end
|
||||
|
||||
def permitted?
|
||||
true
|
||||
@permitted
|
||||
end
|
||||
|
||||
def permit!
|
||||
@permitted = true
|
||||
self
|
||||
end
|
||||
|
||||
def to_h
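Review bot: The stub now starts unpermitted (`@permitted = false`), which changes the outcome for every test that builds `Parameters.new(...)` without calling `permit!`, and nothing in the class says this is deliberate. A comment above `class Parameters` would make the contract explicit, e.g. `# Test stand-in for ActionController::Parameters: unpermitted until permit! is called, like the real class.` `to_h` begins on the last line of the hunk and its body is outside it, so whether it consults `@permitted` cannot be checked here. If it returns the hash for an unpermitted instance, code that skips the `permitted?` check would still pass against the stub, so that is worth confirming.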
|
||||
|
|