mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
attr_accessible and attr_protected raise an exception pointing to use plugin or new protection model
This commit is contained in:
parent
91bcebbdef
commit
9bfa13bb06
5 changed files with 41 additions and 0 deletions
|
@ -37,6 +37,7 @@ module ActiveModel
|
||||||
autoload :ForbiddenAttributesProtection
|
autoload :ForbiddenAttributesProtection
|
||||||
autoload :Lint
|
autoload :Lint
|
||||||
autoload :Model
|
autoload :Model
|
||||||
|
autoload :DeprecatedMassAssignmentSecurity
|
||||||
autoload :Name, 'active_model/naming'
|
autoload :Name, 'active_model/naming'
|
||||||
autoload :Naming
|
autoload :Naming
|
||||||
autoload :Observer, 'active_model/observing'
|
autoload :Observer, 'active_model/observing'
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
module ActiveModel
|
||||||
|
module DeprecatedMassAssignmentSecurity
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
module ClassMethods
|
||||||
|
def attr_protected(*args)
|
||||||
|
raise "`attr_protected` is extracted out of Rails into a gem. " \
|
||||||
|
"Please use new recommended protection model for params " \
|
||||||
|
"or add `protected_attributes` to your Gemfile to use old one."
|
||||||
|
end
|
||||||
|
|
||||||
|
def attr_accessible(*args)
|
||||||
|
raise "`attr_accessible` is extracted out of Rails into a gem. " \
|
||||||
|
"Please use new recommended protection model for params " \
|
||||||
|
"or add `protected_attributes` to your Gemfile to use old one."
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,16 @@
|
||||||
|
require 'cases/helper'
|
||||||
|
require 'models/project'
|
||||||
|
|
||||||
|
class DeprecatedMassAssignmentSecurityTest < ActiveModel::TestCase
|
||||||
|
def test_attr_accessible_raise_error
|
||||||
|
assert_raise RuntimeError, /protected_attributes/ do
|
||||||
|
Project.attr_accessible :username
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_attr_protected_raise_error
|
||||||
|
assert_raise RuntimeError, /protected_attributes/ do
|
||||||
|
Project.attr_protected :username
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
3
activemodel/test/models/project.rb
Normal file
3
activemodel/test/models/project.rb
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
class Project
|
||||||
|
include ActiveModel::DeprecatedMassAssignmentSecurity
|
||||||
|
end
|
|
@ -1,6 +1,8 @@
|
||||||
|
|
||||||
module ActiveRecord
|
module ActiveRecord
|
||||||
module AttributeAssignment
|
module AttributeAssignment
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
include ActiveModel::DeprecatedMassAssignmentSecurity
|
||||||
include ActiveModel::ForbiddenAttributesProtection
|
include ActiveModel::ForbiddenAttributesProtection
|
||||||
|
|
||||||
# Allows you to set all the attributes at once by passing in a hash with keys
|
# Allows you to set all the attributes at once by passing in a hash with keys
|
||||||
|
|
Loading…
Reference in a new issue