Merge pull request #4445 from nragaz/role_based_params_wrapping

specify a role for identifying accessible attributes when wrapping params
2022-11-09 12:12:34 -05:00 · 2012-05-04 12:44:34 -07:00 · 2012-05-04 12:44:34 -07:00 · 7a093606f6
commit 7a093606f6
parent 2919fd8980
2 changed files with 18 additions and 4 deletions
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@ -166,8 +166,9 @@ module ActionController

        unless options[:include] || options[:exclude]
          model ||= _default_wrap_model
-          if model.respond_to?(:accessible_attributes) && model.accessible_attributes.present?
-            options[:include] = model.accessible_attributes.to_a
+          role = options.has_key?(:as) ? options[:as] : :default
+          if model.respond_to?(:accessible_attributes) && model.accessible_attributes(role).present?
+            options[:include] = model.accessible_attributes(role).to_a
          elsif model.respond_to?(:attribute_names) && model.attribute_names.present?
            options[:include] = model.attribute_names
          end
--- a/actionpack/test/controller/params_wrapper_test.rb
+++ b/actionpack/test/controller/params_wrapper_test.rb
@ -174,7 +174,7 @@ class ParamsWrapperTest < ActionController::TestCase
  
  def test_accessible_wrapped_keys_from_matching_model
    User.expects(:respond_to?).with(:accessible_attributes).returns(true)
-    User.expects(:accessible_attributes).twice.returns(["username"])
+    User.expects(:accessible_attributes).with(:default).twice.returns(["username"])
    
    with_default_wrapper_options do
      @request.env['CONTENT_TYPE'] = 'application/json'
@ -186,7 +186,7 @@ class ParamsWrapperTest < ActionController::TestCase
  def test_accessible_wrapped_keys_from_specified_model
    with_default_wrapper_options do
      Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
-      Person.expects(:accessible_attributes).twice.returns(["username"])
+      Person.expects(:accessible_attributes).with(:default).twice.returns(["username"])

      UsersController.wrap_parameters Person

@ -195,6 +195,19 @@ class ParamsWrapperTest < ActionController::TestCase
      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
    end
  end
+  
+  def test_accessible_wrapped_keys_with_role_from_specified_model
+    with_default_wrapper_options do
+      Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
+      Person.expects(:accessible_attributes).with(:admin).twice.returns(["username"])
+
+      UsersController.wrap_parameters Person, :as => :admin
+
+      @request.env['CONTENT_TYPE'] = 'application/json'
+      post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
+      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
+    end
+  end

  def test_not_wrapping_abstract_model
    User.expects(:respond_to?).with(:accessible_attributes).returns(false)