mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Remove mass assignment security from ActiveRecord
This commit is contained in:
parent
f8c9a4d3e8
commit
8020f71df1
20 changed files with 18 additions and 1170 deletions
|
@ -265,7 +265,6 @@ module ActiveRecord
|
||||||
# end
|
# end
|
||||||
#
|
#
|
||||||
# class Pet
|
# class Pet
|
||||||
# attr_accessible :name
|
|
||||||
# validates :name, presence: true
|
# validates :name, presence: true
|
||||||
# end
|
# end
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,86 +1,25 @@
|
||||||
|
|
||||||
module ActiveRecord
|
module ActiveRecord
|
||||||
ActiveSupport.on_load(:active_record_config) do
|
|
||||||
mattr_accessor :whitelist_attributes, instance_accessor: false
|
|
||||||
mattr_accessor :mass_assignment_sanitizer, instance_accessor: false
|
|
||||||
end
|
|
||||||
|
|
||||||
module AttributeAssignment
|
module AttributeAssignment
|
||||||
extend ActiveSupport::Concern
|
include ActiveModel::ForbiddenAttributesProtection
|
||||||
include ActiveModel::MassAssignmentSecurity
|
|
||||||
|
|
||||||
included do
|
|
||||||
initialize_mass_assignment_sanitizer
|
|
||||||
end
|
|
||||||
|
|
||||||
module ClassMethods
|
|
||||||
def inherited(child) # :nodoc:
|
|
||||||
child.send :initialize_mass_assignment_sanitizer if self == Base
|
|
||||||
super
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
# The primary key and inheritance column can never be set by mass-assignment for security reasons.
|
|
||||||
def attributes_protected_by_default
|
|
||||||
default = [ primary_key, inheritance_column ]
|
|
||||||
default << 'id' unless primary_key.eql? 'id'
|
|
||||||
default
|
|
||||||
end
|
|
||||||
|
|
||||||
def initialize_mass_assignment_sanitizer
|
|
||||||
attr_accessible(nil) if Model.whitelist_attributes
|
|
||||||
self.mass_assignment_sanitizer = Model.mass_assignment_sanitizer if Model.mass_assignment_sanitizer
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Allows you to set all the attributes at once by passing in a hash with keys
|
# Allows you to set all the attributes at once by passing in a hash with keys
|
||||||
# matching the attribute names (which again matches the column names).
|
# matching the attribute names (which again matches the column names).
|
||||||
#
|
#
|
||||||
# If any attributes are protected by either +attr_protected+ or
|
# If the passed hash responds to permitted? method and the return value
|
||||||
# +attr_accessible+ then only settable attributes will be assigned.
|
# of this method is false an ActiveModel::ForbiddenAttributes exception
|
||||||
#
|
# is raised.
|
||||||
# class User < ActiveRecord::Base
|
|
||||||
# attr_protected :is_admin
|
|
||||||
# end
|
|
||||||
#
|
|
||||||
# user = User.new
|
|
||||||
# user.attributes = { :username => 'Phusion', :is_admin => true }
|
|
||||||
# user.username # => "Phusion"
|
|
||||||
# user.is_admin? # => false
|
|
||||||
def attributes=(new_attributes)
|
def attributes=(new_attributes)
|
||||||
return unless new_attributes.is_a?(Hash)
|
return unless new_attributes.is_a?(Hash)
|
||||||
|
|
||||||
assign_attributes(new_attributes)
|
assign_attributes(new_attributes)
|
||||||
end
|
end
|
||||||
|
|
||||||
# Allows you to set all the attributes for a particular mass-assignment
|
# Allows you to set all the attributes by passing in a hash of attributes with
|
||||||
# security role by passing in a hash of attributes with keys matching
|
# keys matching the attribute names (which again matches the column names)
|
||||||
# the attribute names (which again matches the column names) and the role
|
|
||||||
# name using the :as option.
|
|
||||||
#
|
#
|
||||||
# To bypass mass-assignment security you can use the :without_protection => true
|
# To bypass forbidden attributes protection you can use the without_protection: true
|
||||||
# option.
|
# option.
|
||||||
#
|
|
||||||
# class User < ActiveRecord::Base
|
|
||||||
# attr_accessible :name
|
|
||||||
# attr_accessible :name, :is_admin, :as => :admin
|
|
||||||
# end
|
|
||||||
#
|
|
||||||
# user = User.new
|
|
||||||
# user.assign_attributes({ :name => 'Josh', :is_admin => true })
|
|
||||||
# user.name # => "Josh"
|
|
||||||
# user.is_admin? # => false
|
|
||||||
#
|
|
||||||
# user = User.new
|
|
||||||
# user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
|
|
||||||
# user.name # => "Josh"
|
|
||||||
# user.is_admin? # => true
|
|
||||||
#
|
|
||||||
# user = User.new
|
|
||||||
# user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
|
|
||||||
# user.name # => "Josh"
|
|
||||||
# user.is_admin? # => true
|
|
||||||
def assign_attributes(new_attributes, options = {})
|
def assign_attributes(new_attributes, options = {})
|
||||||
return if new_attributes.blank?
|
return if new_attributes.blank?
|
||||||
|
|
||||||
|
@ -91,7 +30,7 @@ module ActiveRecord
|
||||||
@mass_assignment_options = options
|
@mass_assignment_options = options
|
||||||
|
|
||||||
unless options[:without_protection]
|
unless options[:without_protection]
|
||||||
attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role)
|
attributes = sanitize_for_mass_assignment(attributes)
|
||||||
end
|
end
|
||||||
|
|
||||||
attributes.each do |k, v|
|
attributes.each do |k, v|
|
||||||
|
@ -116,10 +55,6 @@ module ActiveRecord
|
||||||
@mass_assignment_options ||= {}
|
@mass_assignment_options ||= {}
|
||||||
end
|
end
|
||||||
|
|
||||||
def mass_assignment_role
|
|
||||||
mass_assignment_options[:as] || :default
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def _assign_attribute(k, v)
|
def _assign_attribute(k, v)
|
||||||
|
|
|
@ -53,8 +53,7 @@ module ActiveRecord
|
||||||
end
|
end
|
||||||
|
|
||||||
# Defines the primary key field -- can be overridden in subclasses. Overwriting will negate any effect of the
|
# Defines the primary key field -- can be overridden in subclasses. Overwriting will negate any effect of the
|
||||||
# primary_key_prefix_type setting, though. Since primary keys are usually protected from mass assignment,
|
# primary_key_prefix_type setting, though.
|
||||||
# remember to let your database generate them or include the key in +attr_accessible+.
|
|
||||||
def primary_key
|
def primary_key
|
||||||
@primary_key = reset_primary_key unless defined? @primary_key
|
@primary_key = reset_primary_key unless defined? @primary_key
|
||||||
@primary_key
|
@primary_key
|
||||||
|
|
|
@ -194,18 +194,6 @@ module ActiveRecord
|
||||||
# the parent model is saved. This happens inside the transaction initiated
|
# the parent model is saved. This happens inside the transaction initiated
|
||||||
# by the parents save method. See ActiveRecord::AutosaveAssociation.
|
# by the parents save method. See ActiveRecord::AutosaveAssociation.
|
||||||
#
|
#
|
||||||
# === Using with attr_accessible
|
|
||||||
#
|
|
||||||
# The use of <tt>attr_accessible</tt> can interfere with nested attributes
|
|
||||||
# if you're not careful. For example, if the <tt>Member</tt> model above
|
|
||||||
# was using <tt>attr_accessible</tt> like this:
|
|
||||||
#
|
|
||||||
# attr_accessible :name
|
|
||||||
#
|
|
||||||
# You would need to modify it to look like this:
|
|
||||||
#
|
|
||||||
# attr_accessible :name, :posts_attributes
|
|
||||||
#
|
|
||||||
# === Validating the presence of a parent model
|
# === Validating the presence of a parent model
|
||||||
#
|
#
|
||||||
# If you want to validate that a child record is associated with a parent
|
# If you want to validate that a child record is associated with a parent
|
||||||
|
@ -224,9 +212,7 @@ module ActiveRecord
|
||||||
module ClassMethods
|
module ClassMethods
|
||||||
REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } }
|
REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } }
|
||||||
|
|
||||||
# Defines an attributes writer for the specified association(s). If you
|
# Defines an attributes writer for the specified association(s).
|
||||||
# are using <tt>attr_protected</tt> or <tt>attr_accessible</tt>, then you
|
|
||||||
# will need to add the attribute writer to the allowed list.
|
|
||||||
#
|
#
|
||||||
# Supported options:
|
# Supported options:
|
||||||
# [:allow_destroy]
|
# [:allow_destroy]
|
||||||
|
|
|
@ -186,8 +186,8 @@ module ActiveRecord
|
||||||
#
|
#
|
||||||
# When updating model attributes, mass-assignment security protection is respected.
|
# When updating model attributes, mass-assignment security protection is respected.
|
||||||
# If no +:as+ option is supplied then the +:default+ role will be used.
|
# If no +:as+ option is supplied then the +:default+ role will be used.
|
||||||
# If you want to bypass the protection given by +attr_protected+ and
|
# If you want to bypass the forbidden attributes protection then you can do so using
|
||||||
# +attr_accessible+ then you can do so using the +:without_protection+ option.
|
# the +:without_protection+ option.
|
||||||
def update_attributes(attributes, options = {})
|
def update_attributes(attributes, options = {})
|
||||||
# The following transaction covers any possible database side-effects of the
|
# The following transaction covers any possible database side-effects of the
|
||||||
# attributes assignment. For example, setting the IDs of a child collection.
|
# attributes assignment. For example, setting the IDs of a child collection.
|
||||||
|
|
|
@ -4,7 +4,6 @@ require 'active_record/base'
|
||||||
|
|
||||||
module ActiveRecord
|
module ActiveRecord
|
||||||
class SchemaMigration < ActiveRecord::Base
|
class SchemaMigration < ActiveRecord::Base
|
||||||
attr_accessible :version
|
|
||||||
|
|
||||||
def self.table_name
|
def self.table_name
|
||||||
"#{Base.table_name_prefix}schema_migrations#{Base.table_name_suffix}"
|
"#{Base.table_name_prefix}schema_migrations#{Base.table_name_suffix}"
|
||||||
|
|
|
@ -3,10 +3,5 @@ class <%= class_name %> < <%= parent_class_name.classify %>
|
||||||
<% attributes.select {|attr| attr.reference? }.each do |attribute| -%>
|
<% attributes.select {|attr| attr.reference? }.each do |attribute| -%>
|
||||||
belongs_to :<%= attribute.name %><%= ', polymorphic: true' if attribute.polymorphic? %>
|
belongs_to :<%= attribute.name %><%= ', polymorphic: true' if attribute.polymorphic? %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% if !accessible_attributes.empty? -%>
|
|
||||||
attr_accessible <%= accessible_attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>
|
|
||||||
<% else -%>
|
|
||||||
# attr_accessible :title, :body
|
|
||||||
<% end -%>
|
|
||||||
end
|
end
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
|
@ -188,28 +188,6 @@ class HasManyAssociationsTest < ActiveRecord::TestCase
|
||||||
assert_equal invoice.id, line_item.invoice_id
|
assert_equal invoice.id, line_item.invoice_id
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_association_conditions_bypass_attribute_protection
|
|
||||||
car = Car.create(:name => 'honda')
|
|
||||||
|
|
||||||
bulb = car.frickinawesome_bulbs.new
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.frickinawesome_bulbs.new(:frickinawesome => false)
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.frickinawesome_bulbs.build
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.frickinawesome_bulbs.build(:frickinawesome => false)
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.frickinawesome_bulbs.create
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.frickinawesome_bulbs.create(:frickinawesome => false)
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
end
|
|
||||||
|
|
||||||
# When creating objects on the association, we must not do it within a scope (even though it
|
# When creating objects on the association, we must not do it within a scope (even though it
|
||||||
# would be convenient), because this would cause that scope to be applied to any callbacks etc.
|
# would be convenient), because this would cause that scope to be applied to any callbacks etc.
|
||||||
def test_build_and_create_should_not_happen_within_scope
|
def test_build_and_create_should_not_happen_within_scope
|
||||||
|
|
|
@ -58,21 +58,6 @@ class HasManyThroughAssociationsTest < ActiveRecord::TestCase
|
||||||
assert post.reload.people(true).include?(person)
|
assert post.reload.people(true).include?(person)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_associate_existing_with_strict_mass_assignment_sanitizer
|
|
||||||
SecureReader.mass_assignment_sanitizer = :strict
|
|
||||||
|
|
||||||
SecureReader.new
|
|
||||||
|
|
||||||
post = posts(:thinking)
|
|
||||||
person = people(:david)
|
|
||||||
|
|
||||||
assert_queries(1) do
|
|
||||||
post.secure_people << person
|
|
||||||
end
|
|
||||||
ensure
|
|
||||||
SecureReader.mass_assignment_sanitizer = :logger
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_associate_existing_record_twice_should_add_to_target_twice
|
def test_associate_existing_record_twice_should_add_to_target_twice
|
||||||
post = posts(:thinking)
|
post = posts(:thinking)
|
||||||
person = people(:david)
|
person = people(:david)
|
||||||
|
|
|
@ -446,22 +446,6 @@ class HasOneAssociationsTest < ActiveRecord::TestCase
|
||||||
assert_equal pirate.id, ship.pirate_id
|
assert_equal pirate.id, ship.pirate_id
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_association_conditions_bypass_attribute_protection
|
|
||||||
car = Car.create(:name => 'honda')
|
|
||||||
|
|
||||||
bulb = car.build_frickinawesome_bulb
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.build_frickinawesome_bulb(:frickinawesome => false)
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.create_frickinawesome_bulb
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
|
|
||||||
bulb = car.create_frickinawesome_bulb(:frickinawesome => false)
|
|
||||||
assert_equal true, bulb.frickinawesome?
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_is_called_with_attributes_and_options
|
def test_new_is_called_with_attributes_and_options
|
||||||
car = Car.create(:name => 'honda')
|
car = Car.create(:name => 'honda')
|
||||||
|
|
||||||
|
|
|
@ -55,10 +55,6 @@ class ReadonlyTitlePost < Post
|
||||||
attr_readonly :title
|
attr_readonly :title
|
||||||
end
|
end
|
||||||
|
|
||||||
class ProtectedTitlePost < Post
|
|
||||||
attr_protected :title
|
|
||||||
end
|
|
||||||
|
|
||||||
class Weird < ActiveRecord::Base; end
|
class Weird < ActiveRecord::Base; end
|
||||||
|
|
||||||
class Boolean < ActiveRecord::Base
|
class Boolean < ActiveRecord::Base
|
||||||
|
|
|
@ -199,23 +199,7 @@ class DeprecatedDynamicMethodsTest < ActiveRecord::TestCase
|
||||||
assert !new_customer.persisted?
|
assert !new_customer.persisted?
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_find_or_initialize_from_one_attribute_should_not_set_attribute_even_when_protected
|
def test_find_or_initialize_from_one_attribute_should_set_attribute
|
||||||
c = Company.find_or_initialize_by_name({:name => "Fortune 1000", :rating => 1000})
|
|
||||||
assert_equal "Fortune 1000", c.name
|
|
||||||
assert_not_equal 1000, c.rating
|
|
||||||
assert c.valid?
|
|
||||||
assert !c.persisted?
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_create_from_one_attribute_should_not_set_attribute_even_when_protected
|
|
||||||
c = Company.find_or_create_by_name({:name => "Fortune 1000", :rating => 1000})
|
|
||||||
assert_equal "Fortune 1000", c.name
|
|
||||||
assert_not_equal 1000, c.rating
|
|
||||||
assert c.valid?
|
|
||||||
assert c.persisted?
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_initialize_from_one_attribute_should_set_attribute_even_when_protected
|
|
||||||
c = Company.find_or_initialize_by_name_and_rating("Fortune 1000", 1000)
|
c = Company.find_or_initialize_by_name_and_rating("Fortune 1000", 1000)
|
||||||
assert_equal "Fortune 1000", c.name
|
assert_equal "Fortune 1000", c.name
|
||||||
assert_equal 1000, c.rating
|
assert_equal 1000, c.rating
|
||||||
|
@ -223,7 +207,7 @@ class DeprecatedDynamicMethodsTest < ActiveRecord::TestCase
|
||||||
assert !c.persisted?
|
assert !c.persisted?
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_find_or_create_from_one_attribute_should_set_attribute_even_when_protected
|
def test_find_or_create_from_one_attribute_should_set_attribute
|
||||||
c = Company.find_or_create_by_name_and_rating("Fortune 1000", 1000)
|
c = Company.find_or_create_by_name_and_rating("Fortune 1000", 1000)
|
||||||
assert_equal "Fortune 1000", c.name
|
assert_equal "Fortune 1000", c.name
|
||||||
assert_equal 1000, c.rating
|
assert_equal 1000, c.rating
|
||||||
|
@ -231,7 +215,7 @@ class DeprecatedDynamicMethodsTest < ActiveRecord::TestCase
|
||||||
assert c.persisted?
|
assert c.persisted?
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_find_or_initialize_from_one_attribute_should_set_attribute_even_when_protected_and_also_set_the_hash
|
def test_find_or_initialize_from_one_attribute_should_set_attribute_even_when_set_the_hash
|
||||||
c = Company.find_or_initialize_by_rating(1000, {:name => "Fortune 1000"})
|
c = Company.find_or_initialize_by_rating(1000, {:name => "Fortune 1000"})
|
||||||
assert_equal "Fortune 1000", c.name
|
assert_equal "Fortune 1000", c.name
|
||||||
assert_equal 1000, c.rating
|
assert_equal 1000, c.rating
|
||||||
|
@ -239,7 +223,7 @@ class DeprecatedDynamicMethodsTest < ActiveRecord::TestCase
|
||||||
assert !c.persisted?
|
assert !c.persisted?
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_find_or_create_from_one_attribute_should_set_attribute_even_when_protected_and_also_set_the_hash
|
def test_find_or_create_from_one_attribute_should_set_attribute_even_when_set_the_hash
|
||||||
c = Company.find_or_create_by_rating(1000, {:name => "Fortune 1000"})
|
c = Company.find_or_create_by_rating(1000, {:name => "Fortune 1000"})
|
||||||
assert_equal "Fortune 1000", c.name
|
assert_equal "Fortune 1000", c.name
|
||||||
assert_equal 1000, c.rating
|
assert_equal 1000, c.rating
|
||||||
|
@ -247,7 +231,7 @@ class DeprecatedDynamicMethodsTest < ActiveRecord::TestCase
|
||||||
assert c.persisted?
|
assert c.persisted?
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_find_or_initialize_should_set_protected_attributes_if_given_as_block
|
def test_find_or_initialize_should_set_attributes_if_given_as_block
|
||||||
c = Company.find_or_initialize_by_name(:name => "Fortune 1000") { |f| f.rating = 1000 }
|
c = Company.find_or_initialize_by_name(:name => "Fortune 1000") { |f| f.rating = 1000 }
|
||||||
assert_equal "Fortune 1000", c.name
|
assert_equal "Fortune 1000", c.name
|
||||||
assert_equal 1000.to_f, c.rating.to_f
|
assert_equal 1000.to_f, c.rating.to_f
|
||||||
|
@ -255,7 +239,7 @@ class DeprecatedDynamicMethodsTest < ActiveRecord::TestCase
|
||||||
assert !c.persisted?
|
assert !c.persisted?
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_find_or_create_should_set_protected_attributes_if_given_as_block
|
def test_find_or_create_should_set_attributes_if_given_as_block
|
||||||
c = Company.find_or_create_by_name(:name => "Fortune 1000") { |f| f.rating = 1000 }
|
c = Company.find_or_create_by_name(:name => "Fortune 1000") { |f| f.rating = 1000 }
|
||||||
assert_equal "Fortune 1000", c.name
|
assert_equal "Fortune 1000", c.name
|
||||||
assert_equal 1000.to_f, c.rating.to_f
|
assert_equal 1000.to_f, c.rating.to_f
|
||||||
|
|
|
@ -1,966 +0,0 @@
|
||||||
require "cases/helper"
|
|
||||||
require 'models/company'
|
|
||||||
require 'models/subscriber'
|
|
||||||
require 'models/keyboard'
|
|
||||||
require 'models/task'
|
|
||||||
require 'models/person'
|
|
||||||
|
|
||||||
|
|
||||||
module MassAssignmentTestHelpers
|
|
||||||
def setup
|
|
||||||
# another AR test modifies the columns which causes issues with create calls
|
|
||||||
TightPerson.reset_column_information
|
|
||||||
LoosePerson.reset_column_information
|
|
||||||
end
|
|
||||||
|
|
||||||
def attributes_hash
|
|
||||||
{
|
|
||||||
:id => 5,
|
|
||||||
:first_name => 'Josh',
|
|
||||||
:gender => 'm',
|
|
||||||
:comments => 'rides a sweet bike'
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
def assert_default_attributes(person, create = false)
|
|
||||||
unless create
|
|
||||||
assert_nil person.id
|
|
||||||
else
|
|
||||||
assert !!person.id
|
|
||||||
end
|
|
||||||
assert_equal 'Josh', person.first_name
|
|
||||||
assert_equal 'm', person.gender
|
|
||||||
assert_nil person.comments
|
|
||||||
end
|
|
||||||
|
|
||||||
def assert_admin_attributes(person, create = false)
|
|
||||||
unless create
|
|
||||||
assert_nil person.id
|
|
||||||
else
|
|
||||||
assert !!person.id
|
|
||||||
end
|
|
||||||
assert_equal 'Josh', person.first_name
|
|
||||||
assert_equal 'm', person.gender
|
|
||||||
assert_equal 'rides a sweet bike', person.comments
|
|
||||||
end
|
|
||||||
|
|
||||||
def assert_all_attributes(person)
|
|
||||||
assert_equal 5, person.id
|
|
||||||
assert_equal 'Josh', person.first_name
|
|
||||||
assert_equal 'm', person.gender
|
|
||||||
assert_equal 'rides a sweet bike', person.comments
|
|
||||||
end
|
|
||||||
|
|
||||||
def with_strict_sanitizer
|
|
||||||
ActiveRecord::Base.mass_assignment_sanitizer = :strict
|
|
||||||
yield
|
|
||||||
ensure
|
|
||||||
ActiveRecord::Base.mass_assignment_sanitizer = :logger
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
module MassAssignmentRelationTestHelpers
|
|
||||||
def setup
|
|
||||||
super
|
|
||||||
@person = LoosePerson.create(attributes_hash)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
class MassAssignmentSecurityTest < ActiveRecord::TestCase
|
|
||||||
include MassAssignmentTestHelpers
|
|
||||||
|
|
||||||
def test_customized_primary_key_remains_protected
|
|
||||||
subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
|
|
||||||
assert_nil subscriber.id
|
|
||||||
|
|
||||||
keyboard = Keyboard.new(:key_number => 9, :name => 'nice try')
|
|
||||||
assert_nil keyboard.id
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_customized_primary_key_remains_protected_when_referred_to_as_id
|
|
||||||
subscriber = Subscriber.new(:id => 'webster123', :name => 'nice try')
|
|
||||||
assert_nil subscriber.id
|
|
||||||
|
|
||||||
keyboard = Keyboard.new(:id => 9, :name => 'nice try')
|
|
||||||
assert_nil keyboard.id
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_mass_assigning_invalid_attribute
|
|
||||||
firm = Firm.new
|
|
||||||
|
|
||||||
assert_raise(ActiveRecord::UnknownAttributeError) do
|
|
||||||
firm.attributes = { "id" => 5, "type" => "Client", "i_dont_even_exist" => 20 }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_mass_assigning_does_not_choke_on_nil
|
|
||||||
assert_nil Firm.new.assign_attributes(nil)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_mass_assigning_does_not_choke_on_empty_hash
|
|
||||||
assert_nil Firm.new.assign_attributes({})
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_assign_attributes_uses_default_role_when_no_role_is_provided
|
|
||||||
p = LoosePerson.new
|
|
||||||
p.assign_attributes(attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_assign_attributes_skips_mass_assignment_security_protection_when_without_protection_is_used
|
|
||||||
p = LoosePerson.new
|
|
||||||
p.assign_attributes(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_assign_attributes_with_default_role_and_attr_protected_attributes
|
|
||||||
p = LoosePerson.new
|
|
||||||
p.assign_attributes(attributes_hash, :as => :default)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_assign_attributes_with_admin_role_and_attr_protected_attributes
|
|
||||||
p = LoosePerson.new
|
|
||||||
p.assign_attributes(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_assign_attributes_with_default_role_and_attr_accessible_attributes
|
|
||||||
p = TightPerson.new
|
|
||||||
p.assign_attributes(attributes_hash, :as => :default)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_assign_attributes_with_admin_role_and_attr_accessible_attributes
|
|
||||||
p = TightPerson.new
|
|
||||||
p.assign_attributes(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.new(attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.new(attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.create(attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.create(attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_with_admin_role_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.new(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_with_admin_role_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.new(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.create(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.create(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.create!(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.create!(attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_with_without_protection_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.new(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_new_with_without_protection_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.new(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_without_protection_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.create(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_without_protection_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.create(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_bang_with_without_protection_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.create!(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_create_with_bang_with_without_protection_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.create!(attributes_hash, :without_protection => true)
|
|
||||||
|
|
||||||
assert_all_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_protection_against_class_attribute_writers
|
|
||||||
[:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
|
|
||||||
:default_timezone, :schema_format, :lock_optimistically, :timestamped_migrations, :default_scopes,
|
|
||||||
:connection_handler, :nested_attributes_options, :_attr_readonly, :attribute_types_cached_by_default,
|
|
||||||
:attribute_method_matchers, :time_zone_aware_attributes, :skip_time_zone_conversion_for_attributes].each do |method|
|
|
||||||
assert_respond_to Task, method
|
|
||||||
assert_respond_to Task, "#{method}="
|
|
||||||
assert_respond_to Task.new, method
|
|
||||||
assert !Task.new.respond_to?("#{method}=")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
test "ActiveRecord::Model.whitelist_attributes works for models which include Model" do
|
|
||||||
begin
|
|
||||||
prev, ActiveRecord::Model.whitelist_attributes = ActiveRecord::Model.whitelist_attributes, true
|
|
||||||
|
|
||||||
klass = Class.new { include ActiveRecord::Model }
|
|
||||||
assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class
|
|
||||||
assert_equal [], klass.active_authorizers[:default].to_a
|
|
||||||
ensure
|
|
||||||
ActiveRecord::Model.whitelist_attributes = prev
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
test "ActiveRecord::Model.whitelist_attributes works for models which inherit Base" do
|
|
||||||
begin
|
|
||||||
prev, ActiveRecord::Model.whitelist_attributes = ActiveRecord::Model.whitelist_attributes, true
|
|
||||||
|
|
||||||
klass = Class.new(ActiveRecord::Base)
|
|
||||||
assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class
|
|
||||||
assert_equal [], klass.active_authorizers[:default].to_a
|
|
||||||
|
|
||||||
klass.attr_accessible 'foo'
|
|
||||||
assert_equal ['foo'], Class.new(klass).active_authorizers[:default].to_a
|
|
||||||
ensure
|
|
||||||
ActiveRecord::Model.whitelist_attributes = prev
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
test "ActiveRecord::Model.mass_assignment_sanitizer works for models which include Model" do
|
|
||||||
begin
|
|
||||||
sanitizer = Object.new
|
|
||||||
prev, ActiveRecord::Model.mass_assignment_sanitizer = ActiveRecord::Model.mass_assignment_sanitizer, sanitizer
|
|
||||||
|
|
||||||
klass = Class.new { include ActiveRecord::Model }
|
|
||||||
assert_equal sanitizer, klass._mass_assignment_sanitizer
|
|
||||||
|
|
||||||
ActiveRecord::Model.mass_assignment_sanitizer = nil
|
|
||||||
klass = Class.new { include ActiveRecord::Model }
|
|
||||||
assert_not_nil klass._mass_assignment_sanitizer
|
|
||||||
ensure
|
|
||||||
ActiveRecord::Model.mass_assignment_sanitizer = prev
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
test "ActiveRecord::Model.mass_assignment_sanitizer works for models which inherit Base" do
|
|
||||||
begin
|
|
||||||
sanitizer = Object.new
|
|
||||||
prev, ActiveRecord::Model.mass_assignment_sanitizer = ActiveRecord::Model.mass_assignment_sanitizer, sanitizer
|
|
||||||
|
|
||||||
klass = Class.new(ActiveRecord::Base)
|
|
||||||
assert_equal sanitizer, klass._mass_assignment_sanitizer
|
|
||||||
|
|
||||||
sanitizer2 = Object.new
|
|
||||||
klass.mass_assignment_sanitizer = sanitizer2
|
|
||||||
assert_equal sanitizer2, Class.new(klass)._mass_assignment_sanitizer
|
|
||||||
ensure
|
|
||||||
ActiveRecord::Model.mass_assignment_sanitizer = prev
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
# This class should be deleted when we remove activerecord-deprecated_finders as a
|
|
||||||
# dependency.
|
|
||||||
class MassAssignmentSecurityDeprecatedFindersTest < ActiveRecord::TestCase
|
|
||||||
include MassAssignmentTestHelpers
|
|
||||||
|
|
||||||
def setup
|
|
||||||
super
|
|
||||||
@deprecation_behavior = ActiveSupport::Deprecation.behavior
|
|
||||||
ActiveSupport::Deprecation.behavior = :silence
|
|
||||||
end
|
|
||||||
|
|
||||||
def teardown
|
|
||||||
ActiveSupport::Deprecation.behavior = @deprecation_behavior
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_initialize_by_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.find_or_initialize_by_first_name('Josh', attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_initialize_by_with_admin_role_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.find_or_initialize_by_first_name('Josh', attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_initialize_by_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.find_or_initialize_by_first_name('Josh', attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_initialize_by_with_admin_role_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.find_or_initialize_by_first_name('Josh', attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_create_by_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.find_or_create_by_first_name('Josh', attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_create_by_with_admin_role_with_attr_accessible_attributes
|
|
||||||
p = TightPerson.find_or_create_by_first_name('Josh', attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_create_by_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.find_or_create_by_first_name('Josh', attributes_hash)
|
|
||||||
|
|
||||||
assert_default_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_find_or_create_by_with_admin_role_with_attr_protected_attributes
|
|
||||||
p = LoosePerson.find_or_create_by_first_name('Josh', attributes_hash, :as => :admin)
|
|
||||||
|
|
||||||
assert_admin_attributes(p, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase
|
|
||||||
include MassAssignmentTestHelpers
|
|
||||||
include MassAssignmentRelationTestHelpers
|
|
||||||
|
|
||||||
# build
|
|
||||||
|
|
||||||
def test_has_one_build_with_attr_protected_attributes
|
|
||||||
best_friend = @person.build_best_friend(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_build_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.build_best_friend(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_build_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.build_best_friend(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_build_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.build_best_friend(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_build_without_protection
|
|
||||||
best_friend = @person.build_best_friend(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_build_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.build_best_friend(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal @person.id, best_friend.best_friend_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# create
|
|
||||||
|
|
||||||
def test_has_one_create_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_without_protection
|
|
||||||
best_friend = @person.create_best_friend(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.create_best_friend(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal @person.id, best_friend.best_friend_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# create!
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_without_protection
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal @person.id, best_friend.best_friend_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
class MassAssignmentSecurityBelongsToRelationsTest < ActiveRecord::TestCase
|
|
||||||
include MassAssignmentTestHelpers
|
|
||||||
include MassAssignmentRelationTestHelpers
|
|
||||||
|
|
||||||
# build
|
|
||||||
|
|
||||||
def test_belongs_to_build_with_attr_protected_attributes
|
|
||||||
best_friend = @person.build_best_friend_of(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_build_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.build_best_friend_of(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_build_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.build_best_friend_of(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_build_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.build_best_friend_of(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_build_without_protection
|
|
||||||
best_friend = @person.build_best_friend_of(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
# create
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend_of(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend_of(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend_of(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend_of(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_without_protection
|
|
||||||
best_friend = @person.create_best_friend_of(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.create_best_friend_of(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal best_friend.id, @person.best_friend_of_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# create!
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_without_protection
|
|
||||||
best_friend = @person.create_best_friend!(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.create_best_friend_of!(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal best_friend.id, @person.best_friend_of_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase
|
|
||||||
include MassAssignmentTestHelpers
|
|
||||||
include MassAssignmentRelationTestHelpers
|
|
||||||
|
|
||||||
# build
|
|
||||||
|
|
||||||
def test_has_many_build_with_attr_protected_attributes
|
|
||||||
best_friend = @person.best_friends.build(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_build_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.best_friends.build(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_build_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.best_friends.build(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_build_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.best_friends.build(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_build_without_protection
|
|
||||||
best_friend = @person.best_friends.build(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_build_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.best_friends.build(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal @person.id, best_friend.best_friend_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# create
|
|
||||||
|
|
||||||
def test_has_many_create_with_attr_protected_attributes
|
|
||||||
best_friend = @person.best_friends.create(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.best_friends.create(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.best_friends.create(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.best_friends.create(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_without_protection
|
|
||||||
best_friend = @person.best_friends.create(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.best_friends.create(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal @person.id, best_friend.best_friend_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# create!
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_attr_protected_attributes
|
|
||||||
best_friend = @person.best_friends.create!(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.best_friends.create!(attributes_hash)
|
|
||||||
assert_default_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
best_friend = @person.best_friends.create!(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
best_friend = @person.best_friends.create!(attributes_hash, :as => :admin)
|
|
||||||
assert_admin_attributes(best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_without_protection
|
|
||||||
best_friend = @person.best_friends.create!(attributes_hash, :without_protection => true)
|
|
||||||
assert_all_attributes(best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_strict_sanitizer
|
|
||||||
with_strict_sanitizer do
|
|
||||||
best_friend = @person.best_friends.create!(attributes_hash.except(:id, :comments))
|
|
||||||
assert_equal @person.id, best_friend.best_friend_id
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
class MassAssignmentSecurityNestedAttributesTest < ActiveRecord::TestCase
|
|
||||||
include MassAssignmentTestHelpers
|
|
||||||
|
|
||||||
def nested_attributes_hash(association, collection = false, except = [:id])
|
|
||||||
if collection
|
|
||||||
{ :first_name => 'David' }.merge(:"#{association}_attributes" => [attributes_hash.except(*except)])
|
|
||||||
else
|
|
||||||
{ :first_name => 'David' }.merge(:"#{association}_attributes" => attributes_hash.except(*except))
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# build
|
|
||||||
|
|
||||||
def test_has_one_new_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friend))
|
|
||||||
assert_default_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_new_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.new(nested_attributes_hash(:best_friend))
|
|
||||||
assert_default_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_new_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friend), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_new_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.new(nested_attributes_hash(:best_friend), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_new_without_protection
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friend, false, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_new_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friend_of))
|
|
||||||
assert_default_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_new_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.new(nested_attributes_hash(:best_friend_of))
|
|
||||||
assert_default_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_new_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friend_of), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_new_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.new(nested_attributes_hash(:best_friend_of), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_new_without_protection
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friend_of, false, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_new_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friends, true))
|
|
||||||
assert_default_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_new_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.new(nested_attributes_hash(:best_friends, true))
|
|
||||||
assert_default_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_new_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friends, true), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_new_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.new(nested_attributes_hash(:best_friends, true), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_new_without_protection
|
|
||||||
person = LoosePerson.new(nested_attributes_hash(:best_friends, true, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
# create
|
|
||||||
|
|
||||||
def test_has_one_create_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friend))
|
|
||||||
assert_default_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create(nested_attributes_hash(:best_friend))
|
|
||||||
assert_default_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friend), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create(nested_attributes_hash(:best_friend), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_without_protection
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friend, false, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friend_of))
|
|
||||||
assert_default_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create(nested_attributes_hash(:best_friend_of))
|
|
||||||
assert_default_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friend_of), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create(nested_attributes_hash(:best_friend_of), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_without_protection
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friend_of, false, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friends, true))
|
|
||||||
assert_default_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create(nested_attributes_hash(:best_friends, true))
|
|
||||||
assert_default_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friends, true), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create(nested_attributes_hash(:best_friends, true), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_without_protection
|
|
||||||
person = LoosePerson.create(nested_attributes_hash(:best_friends, true, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
# create!
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friend))
|
|
||||||
assert_default_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create!(nested_attributes_hash(:best_friend))
|
|
||||||
assert_default_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friend), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create!(nested_attributes_hash(:best_friend), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_one_create_with_bang_without_protection
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friend, false, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friend)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friend_of))
|
|
||||||
assert_default_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create!(nested_attributes_hash(:best_friend_of))
|
|
||||||
assert_default_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friend_of), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create!(nested_attributes_hash(:best_friend_of), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friend_of, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_belongs_to_create_with_bang_without_protection
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friend_of, false, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friend_of)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friends, true))
|
|
||||||
assert_default_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create!(nested_attributes_hash(:best_friends, true))
|
|
||||||
assert_default_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_admin_role_with_attr_protected_attributes
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friends, true), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_with_admin_role_with_attr_accessible_attributes
|
|
||||||
person = TightPerson.create!(nested_attributes_hash(:best_friends, true), :as => :admin)
|
|
||||||
assert_admin_attributes(person.best_friends.first, true)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_has_many_create_with_bang_without_protection
|
|
||||||
person = LoosePerson.create!(nested_attributes_hash(:best_friends, true, nil), :without_protection => true)
|
|
||||||
assert_all_attributes(person.best_friends.first)
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_mass_assignment_options_are_reset_after_exception
|
|
||||||
person = NestedPerson.create!({ :first_name => 'David', :gender => 'm' }, :as => :admin)
|
|
||||||
person.create_best_friend!({ :first_name => 'Jeremy', :gender => 'm' }, :as => :admin)
|
|
||||||
|
|
||||||
attributes = { :best_friend_attributes => { :comments => 'rides a sweet bike' } }
|
|
||||||
assert_raises(RuntimeError) { person.assign_attributes(attributes, :as => :admin) }
|
|
||||||
assert_equal 'm', person.best_friend.gender
|
|
||||||
|
|
||||||
person.best_friend_attributes = { :gender => 'f' }
|
|
||||||
assert_equal 'm', person.best_friend.gender
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_mass_assignment_options_are_nested_correctly
|
|
||||||
person = NestedPerson.create!({ :first_name => 'David', :gender => 'm' }, :as => :admin)
|
|
||||||
person.create_best_friend!({ :first_name => 'Jeremy', :gender => 'm' }, :as => :admin)
|
|
||||||
|
|
||||||
attributes = { :best_friend_first_name => 'Josh', :best_friend_attributes => { :gender => 'f' } }
|
|
||||||
person.assign_attributes(attributes, :as => :admin)
|
|
||||||
assert_equal 'Josh', person.best_friend.first_name
|
|
||||||
assert_equal 'f', person.best_friend.gender
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
|
@ -7,12 +7,6 @@ require 'models/developer'
|
||||||
require 'models/parrot'
|
require 'models/parrot'
|
||||||
require 'models/company'
|
require 'models/company'
|
||||||
|
|
||||||
class ProtectedPerson < ActiveRecord::Base
|
|
||||||
self.table_name = 'people'
|
|
||||||
attr_accessor :addon
|
|
||||||
attr_protected :first_name
|
|
||||||
end
|
|
||||||
|
|
||||||
class ValidationsTest < ActiveRecord::TestCase
|
class ValidationsTest < ActiveRecord::TestCase
|
||||||
fixtures :topics, :developers
|
fixtures :topics, :developers
|
||||||
|
|
||||||
|
|
|
@ -2,8 +2,6 @@ class Bulb < ActiveRecord::Base
|
||||||
default_scope { where(:name => 'defaulty') }
|
default_scope { where(:name => 'defaulty') }
|
||||||
belongs_to :car
|
belongs_to :car
|
||||||
|
|
||||||
attr_protected :car_id, :frickinawesome
|
|
||||||
|
|
||||||
attr_reader :scope_after_initialize, :attributes_after_initialize
|
attr_reader :scope_after_initialize, :attributes_after_initialize
|
||||||
|
|
||||||
after_initialize :record_scope_after_initialize
|
after_initialize :record_scope_after_initialize
|
||||||
|
|
|
@ -3,7 +3,6 @@ class AbstractCompany < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
class Company < AbstractCompany
|
class Company < AbstractCompany
|
||||||
attr_protected :rating
|
|
||||||
self.sequence_name = :companies_nonstd_seq
|
self.sequence_name = :companies_nonstd_seq
|
||||||
|
|
||||||
validates_presence_of :name
|
validates_presence_of :name
|
||||||
|
|
|
@ -3,7 +3,6 @@ require 'active_support/core_ext/object/with_options'
|
||||||
module MyApplication
|
module MyApplication
|
||||||
module Business
|
module Business
|
||||||
class Company < ActiveRecord::Base
|
class Company < ActiveRecord::Base
|
||||||
attr_protected :rating
|
|
||||||
end
|
end
|
||||||
|
|
||||||
class Firm < Company
|
class Firm < Company
|
||||||
|
|
|
@ -59,9 +59,6 @@ class LoosePerson < ActiveRecord::Base
|
||||||
self.table_name = 'people'
|
self.table_name = 'people'
|
||||||
self.abstract_class = true
|
self.abstract_class = true
|
||||||
|
|
||||||
attr_protected :comments, :best_friend_id, :best_friend_of_id
|
|
||||||
attr_protected :as => :admin
|
|
||||||
|
|
||||||
has_one :best_friend, :class_name => 'LoosePerson', :foreign_key => :best_friend_id
|
has_one :best_friend, :class_name => 'LoosePerson', :foreign_key => :best_friend_id
|
||||||
belongs_to :best_friend_of, :class_name => 'LoosePerson', :foreign_key => :best_friend_of_id
|
belongs_to :best_friend_of, :class_name => 'LoosePerson', :foreign_key => :best_friend_of_id
|
||||||
has_many :best_friends, :class_name => 'LoosePerson', :foreign_key => :best_friend_id
|
has_many :best_friends, :class_name => 'LoosePerson', :foreign_key => :best_friend_id
|
||||||
|
@ -74,11 +71,6 @@ class LooseDescendant < LoosePerson; end
|
||||||
class TightPerson < ActiveRecord::Base
|
class TightPerson < ActiveRecord::Base
|
||||||
self.table_name = 'people'
|
self.table_name = 'people'
|
||||||
|
|
||||||
attr_accessible :first_name, :gender
|
|
||||||
attr_accessible :first_name, :gender, :comments, :as => :admin
|
|
||||||
attr_accessible :best_friend_attributes, :best_friend_of_attributes, :best_friends_attributes
|
|
||||||
attr_accessible :best_friend_attributes, :best_friend_of_attributes, :best_friends_attributes, :as => :admin
|
|
||||||
|
|
||||||
has_one :best_friend, :class_name => 'TightPerson', :foreign_key => :best_friend_id
|
has_one :best_friend, :class_name => 'TightPerson', :foreign_key => :best_friend_id
|
||||||
belongs_to :best_friend_of, :class_name => 'TightPerson', :foreign_key => :best_friend_of_id
|
belongs_to :best_friend_of, :class_name => 'TightPerson', :foreign_key => :best_friend_of_id
|
||||||
has_many :best_friends, :class_name => 'TightPerson', :foreign_key => :best_friend_id
|
has_many :best_friends, :class_name => 'TightPerson', :foreign_key => :best_friend_id
|
||||||
|
@ -97,10 +89,6 @@ end
|
||||||
class NestedPerson < ActiveRecord::Base
|
class NestedPerson < ActiveRecord::Base
|
||||||
self.table_name = 'people'
|
self.table_name = 'people'
|
||||||
|
|
||||||
attr_accessible :first_name, :best_friend_first_name, :best_friend_attributes
|
|
||||||
attr_accessible :first_name, :gender, :comments, :as => :admin
|
|
||||||
attr_accessible :best_friend_attributes, :best_friend_first_name, :as => :admin
|
|
||||||
|
|
||||||
has_one :best_friend, :class_name => 'NestedPerson', :foreign_key => :best_friend_id
|
has_one :best_friend, :class_name => 'NestedPerson', :foreign_key => :best_friend_id
|
||||||
accepts_nested_attributes_for :best_friend, :update_only => true
|
accepts_nested_attributes_for :best_friend, :update_only => true
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,6 @@ class SecureReader < ActiveRecord::Base
|
||||||
|
|
||||||
belongs_to :secure_post, :class_name => "Post", :foreign_key => "post_id"
|
belongs_to :secure_post, :class_name => "Post", :foreign_key => "post_id"
|
||||||
belongs_to :secure_person, :inverse_of => :secure_readers, :class_name => "Person", :foreign_key => "person_id"
|
belongs_to :secure_person, :inverse_of => :secure_readers, :class_name => "Person", :foreign_key => "person_id"
|
||||||
|
|
||||||
attr_accessible nil
|
|
||||||
end
|
end
|
||||||
|
|
||||||
class LazyReader < ActiveRecord::Base
|
class LazyReader < ActiveRecord::Base
|
||||||
|
|
|
@ -6,8 +6,6 @@ class Reply < Topic
|
||||||
belongs_to :topic, :foreign_key => "parent_id", :counter_cache => true
|
belongs_to :topic, :foreign_key => "parent_id", :counter_cache => true
|
||||||
belongs_to :topic_with_primary_key, :class_name => "Topic", :primary_key => "title", :foreign_key => "parent_title", :counter_cache => "replies_count"
|
belongs_to :topic_with_primary_key, :class_name => "Topic", :primary_key => "title", :foreign_key => "parent_title", :counter_cache => "replies_count"
|
||||||
has_many :replies, :class_name => "SillyReply", :dependent => :destroy, :foreign_key => "parent_id"
|
has_many :replies, :class_name => "SillyReply", :dependent => :destroy, :foreign_key => "parent_id"
|
||||||
|
|
||||||
attr_accessible :title, :author_name, :author_email_address, :written_on, :content, :last_read, :parent_title
|
|
||||||
end
|
end
|
||||||
|
|
||||||
class UniqueReply < Reply
|
class UniqueReply < Reply
|
||||||
|
|
Loading…
Reference in a new issue