thoughtbot--shoulda-matchers/lib/shoulda/matchers/active_model/allow_mass_assignment_of_ma...

module Shoulda # :nodoc:
  module Matchers
    module ActiveModel # :nodoc:

      # Ensures that the attribute can be set on mass update.
      #
      #   it { should_not allow_mass_assignment_of(:password) }
      #   it { should allow_mass_assignment_of(:first_name) }
      #
      def allow_mass_assignment_of(value)
        AllowMassAssignmentOfMatcher.new(value)
      end

      class AllowMassAssignmentOfMatcher # :nodoc:

        def initialize(attribute)
          @attribute = attribute.to_s
        end

        def matches?(subject)
          @subject = subject
          if attr_mass_assignable?
            if whitelisting?
              @negative_failure_message = "#{@attribute} was made accessible"
            else
              if protected_attributes.empty?
                @negative_failure_message = "no attributes were protected"
              else
                @negative_failure_message = "#{class_name} is protecting " <<
                  "#{protected_attributes.to_a.to_sentence}, " <<
                  "but not #{@attribute}."
              end
            end
            true
          else
            if whitelisting?
              @failure_message =
                "Expected #{@attribute} to be accessible"
            else
              @failure_message =
                "Did not expect #{@attribute} to be protected"
            end
            false
          end
        end

        attr_reader :failure_message, :negative_failure_message

        def description
          "allow mass assignment of #{@attribute}"
        end

        private

        def protected_attributes
          @protected_attributes ||= (@subject.class.protected_attributes || [])
        end

        def accessible_attributes
          @accessible_attributes ||= (@subject.class.accessible_attributes || [])
        end

        def whitelisting?
          authorizer.kind_of?(::ActiveModel::MassAssignmentSecurity::WhiteList)
        end

        def attr_mass_assignable?
          !authorizer.deny?(@attribute)
        end

        def authorizer
          @subject.class.active_authorizer
        end

        def class_name
          @subject.class.name
        end
      end
    end
  end
end
Move into the Matchers namespace 2010-12-15 22:34:19 +00:00			`module Shoulda # :nodoc:`
			`module Matchers`
Seperate ActiveRecord and ActiveModel related matchers 2011-05-06 11:51:12 +00:00			`module ActiveModel # :nodoc:`
Move into the Matchers namespace 2010-12-15 22:34:19 +00:00
			`# Ensures that the attribute can be set on mass update.`
			`#`
			`# it { should_not allow_mass_assignment_of(:password) }`
			`# it { should allow_mass_assignment_of(:first_name) }`
			`#`
			`def allow_mass_assignment_of(value)`
			`AllowMassAssignmentOfMatcher.new(value)`
			`end`

			`class AllowMassAssignmentOfMatcher # :nodoc:`

			`def initialize(attribute)`
			`@attribute = attribute.to_s`
			`end`

			`def matches?(subject)`
			`@subject = subject`
			`if attr_mass_assignable?`
			`if whitelisting?`
			`@negative_failure_message = "#{@attribute} was made accessible"`
			`else`
			`if protected_attributes.empty?`
			`@negative_failure_message = "no attributes were protected"`
			`else`
			`@negative_failure_message = "#{class_name} is protecting " <<`
			`"#{protected_attributes.to_a.to_sentence}, " <<`
			`"but not #{@attribute}."`
			`end`
			`end`
			`true`
			`else`
			`if whitelisting?`
			`@failure_message =`
			`"Expected #{@attribute} to be accessible"`
			`else`
			`@failure_message =`
			`"Did not expect #{@attribute} to be protected"`
			`end`
			`false`
			`end`
			`end`

			`attr_reader :failure_message, :negative_failure_message`

			`def description`
			`"allow mass assignment of #{@attribute}"`
			`end`

			`private`

			`def protected_attributes`
			`@protected_attributes \|\|= (@subject.class.protected_attributes \|\| [])`
			`end`

			`def accessible_attributes`
			`@accessible_attributes \|\|= (@subject.class.accessible_attributes \|\| [])`
			`end`

			`def whitelisting?`
fixed mass assigment matcher for empty attr_accessible declaration, which should protect all attributes 2011-06-03 10:30:14 +00:00			`authorizer.kind_of?(::ActiveModel::MassAssignmentSecurity::WhiteList)`
Move into the Matchers namespace 2010-12-15 22:34:19 +00:00			`end`

			`def attr_mass_assignable?`
fixed mass assigment matcher for empty attr_accessible declaration, which should protect all attributes 2011-06-03 10:30:14 +00:00			`!authorizer.deny?(@attribute)`
			`end`

			`def authorizer`
			`@subject.class.active_authorizer`
Move into the Matchers namespace 2010-12-15 22:34:19 +00:00			`end`

			`def class_name`
			`@subject.class.name`
			`end`
			`end`
			`end`
			`end`
			`end`