Sha256: a0689830fad03a16e13babc43f2202d2a1cd473764208ebebb721af5be84b4f6
Contents?: true
Size: 1.32 KB
Versions: 1
Compression:
Stored size: 1.32 KB
Contents
require 'spec_helper'
describe "Mass assignment protection" do
before(:all) do
class ProtectedParams < ActiveSupport::HashWithIndifferentAccess
attr_accessor :permitted
alias :permitted? :permitted
def initialize(attributes)
super(attributes)
@permitted = false
end
def permit!
@permitted = true
self
end
def dup
super.tap do |duplicate|
duplicate.instance_variable_set :@permitted, @permitted
end
end
end
class Person < ActiveFedora::Base
property :first_name, predicate: ::RDF::FOAF.firstName, multiple: false
property :gender, predicate: ::RDF::FOAF.gender, multiple: false
end
end
after(:all) do
Object.send(:remove_const, :ProtectedParams)
Object.send(:remove_const, :Person)
end
context "forbidden attributes" do
let(:params) { ProtectedParams.new(first_name: 'Guille', gender: 'm') }
it "cannot be used for mass assignment" do
expect { Person.new(params) }.to raise_error ActiveModel::ForbiddenAttributesError
end
end
context "permitted attributes" do
let(:params) { ProtectedParams.new(first_name: 'Guille', gender: 'm').permit! }
it "cannot be used for mass assignment" do
expect { Person.new(params) }.not_to raise_error
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| active-fedora-9.0.0.beta8 | spec/unit/forbidden_attributes_protection_spec.rb |