mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
4c20825457
The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
require "cases/helper"
require "active_support/core_ext/hash/indifferent_access"
require "models/account"
# Minimal stand-in for a strong-parameters style object, used by the tests in
# this file to exercise mass-assignment protection.
#
# It wraps an attributes hash together with a +permitted+ flag. A new instance
# starts out unpermitted; +permit!+ sets the flag to true.
class ProtectedParams
  # Reader/writer for the flag, plus the +permitted?+ predicate spelling.
  attr_accessor :permitted
  alias_method :permitted?, :permitted

  # Hash-style queries are forwarded to the wrapped attributes object.
  delegate :keys, :key?, :has_key?, :empty?, to: :@parameters

  # @param attributes [Hash] the raw attributes to wrap
  def initialize(attributes)
    # Deny by default: the flag stays false until something sets it.
    @permitted = false
    @parameters = attributes
  end

  # Flags the wrapped attributes as permitted.
  #
  # @return [ProtectedParams] the receiver, so the call can be chained
  def permit!
    tap { @permitted = true }
  end

  # Hands back the wrapped attributes object itself (not a copy). The
  # permitted flag is not consulted here; that check is left to whatever
  # consumes this object.
  def to_h
    @parameters
  end
end
# Covers the mass-assignment guard exposed as +sanitize_for_mass_assignment+
# on Account: a parameters object that has not been permitted is rejected,
# a permitted one is unwrapped, and a plain hash is passed through.
class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase
  test "forbidden attributes cannot be used for mass updating" do
    # permit! is never called, so the flag is still false.
    unpermitted = ProtectedParams.new({ "a" => "b" })

    assert_raises(ActiveModel::ForbiddenAttributesError) do
      Account.new.sanitize_for_mass_assignment(unpermitted)
    end
  end

  test "permitted attributes can be used for mass updating" do
    permitted = ProtectedParams.new({ "a" => "b" }).permit!
    sanitized = Account.new.sanitize_for_mass_assignment(permitted)

    # The result is compared against the bare attributes hash, not the wrapper.
    assert_equal({ "a" => "b" }, sanitized)
  end

  test "regular attributes should still be allowed" do
    # A plain hash carries no permitted flag of its own; presumably that is
    # why it is accepted without any permit! step (confirm against the
    # sanitize_for_mass_assignment implementation).
    sanitized = Account.new.sanitize_for_mass_assignment(a: "b")

    assert_equal({ a: "b" }, sanitized)
  end
end