fixed mass assigment matcher for empty attr_accessible declaration, which should protect all attributes
This commit is contained in:
parent
f1c8b80523
commit
a463849d6b
|
@ -61,23 +61,21 @@ module Shoulda # :nodoc:
|
|||
end
|
||||
|
||||
def whitelisting?
|
||||
!accessible_attributes.empty?
|
||||
authorizer.kind_of?(::ActiveModel::MassAssignmentSecurity::WhiteList)
|
||||
end
|
||||
|
||||
def attr_mass_assignable?
|
||||
if whitelisting?
|
||||
accessible_attributes.include?(@attribute)
|
||||
else
|
||||
!protected_attributes.include?(@attribute)
|
||||
!authorizer.deny?(@attribute)
|
||||
end
|
||||
|
||||
def authorizer
|
||||
@subject.class.active_authorizer
|
||||
end
|
||||
|
||||
def class_name
|
||||
@subject.class.name
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -71,4 +71,16 @@ describe Shoulda::Matchers::ActiveModel::AllowMassAssignmentOfMatcher do
|
|||
end
|
||||
end
|
||||
|
||||
context "an attribute on a class with all protected attributes" do
|
||||
before do
|
||||
define_model :example, :attr => :string do
|
||||
attr_accessible
|
||||
end
|
||||
@model = Example.new
|
||||
end
|
||||
|
||||
it "should reject being mass-assignable" do
|
||||
@model.should_not allow_mass_assignment_of(:attr)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue