Fix config.active_record.whitelist_attributes with AR::Model

activerecord/lib/active_record/attribute_assignment.rb

@@ -1,11 +1,24 @@
 require 'active_support/concern'
 
 module ActiveRecord
+  ActiveSupport.on_load(:active_record_config) do
+    mattr_accessor :whitelist_attributes, instance_accessor: false
+  end
+
   module AttributeAssignment
     extend ActiveSupport::Concern
     include ActiveModel::MassAssignmentSecurity
 
+    included do
+      attr_accessible(nil) if Model.whitelist_attributes
+    end
+
     module ClassMethods
+      def inherited(child) # :nodoc:
+        child.attr_accessible(nil) if Model.whitelist_attributes
+        super
+      end
+
       private
 
       # The primary key and inheritance column can never be set by mass-assignment for security reasons.

activerecord/lib/active_record/railtie.rb

@@ -68,9 +68,6 @@ module ActiveRecord
 
     initializer "active_record.set_configs" do |app|
       ActiveSupport.on_load(:active_record) do
-        if app.config.active_record.delete(:whitelist_attributes)
-          attr_accessible(nil)
-        end
         app.config.active_record.each do |k,v|
           send "#{k}=", v
         end

activerecord/test/cases/mass_assignment_security_test.rb

@@ -251,6 +251,33 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase
       assert !Task.new.respond_to?("#{method}=")
     end
   end
+
+  test "ActiveRecord::Model.whitelist_attributes works for models which include Model" do
+    begin
+      prev, ActiveRecord::Model.whitelist_attributes = ActiveRecord::Model.whitelist_attributes, true
+
+      klass = Class.new { include ActiveRecord::Model }
+      assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class
+      assert_equal [], klass.active_authorizers[:default].to_a
+    ensure
+      ActiveRecord::Model.whitelist_attributes = prev
+    end
+  end
+
+  test "ActiveRecord::Model.whitelist_attributes works for models which inherit Base" do
+    begin
+      prev, ActiveRecord::Model.whitelist_attributes = ActiveRecord::Model.whitelist_attributes, true
+
+      klass = Class.new(ActiveRecord::Base)
+      assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class
+      assert_equal [], klass.active_authorizers[:default].to_a
+
+      klass.attr_accessible 'foo'
+      assert_equal ['foo'], Class.new(klass).active_authorizers[:default].to_a
+    ensure
+      ActiveRecord::Model.whitelist_attributes = prev
+    end
+  end
 end
 
 

railties/test/application/configuration_test.rb

@@ -374,9 +374,10 @@ module ApplicationTests
 
       require "#{app_path}/config/environment"
 
-      assert_equal ActiveModel::MassAssignmentSecurity::WhiteList,
-                   ActiveRecord::Base.active_authorizers[:default].class
-      assert_equal [], ActiveRecord::Base.active_authorizers[:default].to_a
+      klass = Class.new(ActiveRecord::Base)
+
+      assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class
+      assert_equal [], klass.active_authorizers[:default].to_a
     end
 
     test "registers interceptors with ActionMailer" do