protected_attributes 1.0.9 → 1.1.0

@@ -1,1077 +0,0 @@
1
- require 'test_helper'
2
- require 'ar_helper'
3
- require 'active_record/mass_assignment_security'
4
- require 'models/battle'
5
- require 'models/company'
6
- require 'models/group'
7
- require 'models/keyboard'
8
- require 'models/membership'
9
- require 'models/person'
10
- require 'models/pirate'
11
- require 'models/subscriber'
12
- require 'models/task'
13
- require 'models/team'
14
- require 'models/vampire'
15
- require 'models/wolf'
16
-
17
- module MassAssignmentTestHelpers
18
- def teardown
19
- ActiveRecord::Base.send(:descendants).each do |klass|
20
- begin
21
- klass.delete_all
22
- rescue
23
- end
24
- end
25
- end
26
-
27
- def attributes_hash
28
- {
29
- :id => 5,
30
- :first_name => 'Josh',
31
- :gender => 'm',
32
- :comments => 'rides a sweet bike'
33
- }
34
- end
35
-
36
- def assert_default_attributes(person, create = false)
37
- unless create
38
- assert_nil person.id
39
- else
40
- assert !!person.id
41
- end
42
- assert_equal 'Josh', person.first_name
43
- assert_equal 'm', person.gender
44
- assert_nil person.comments
45
- end
46
-
47
- def assert_admin_attributes(person, create = false)
48
- unless create
49
- assert_nil person.id
50
- else
51
- assert !!person.id
52
- end
53
- assert_equal 'Josh', person.first_name
54
- assert_equal 'm', person.gender
55
- assert_equal 'rides a sweet bike', person.comments
56
- end
57
-
58
- def assert_all_attributes(person)
59
- assert_equal 5, person.id
60
- assert_equal 'Josh', person.first_name
61
- assert_equal 'm', person.gender
62
- assert_equal 'rides a sweet bike', person.comments
63
- end
64
-
65
- def with_strict_sanitizer
66
- ActiveRecord::Base.mass_assignment_sanitizer = :strict
67
- yield
68
- ensure
69
- ActiveRecord::Base.mass_assignment_sanitizer = :logger
70
- end
71
- end
72
-
73
- module MassAssignmentRelationTestHelpers
74
- def setup
75
- super
76
- @person = LoosePerson.create(attributes_hash)
77
- end
78
- end
79
-
80
- class AttributeSanitizationTest < ActiveSupport::TestCase
81
- include MassAssignmentTestHelpers
82
-
83
- def test_customized_primary_key_remains_protected
84
- subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
85
- assert_nil subscriber.id
86
-
87
- keyboard = Keyboard.new(:key_number => 9, :name => 'nice try')
88
- assert_nil keyboard.id
89
- end
90
-
91
- def test_customized_primary_key_remains_protected_when_referred_to_as_id
92
- subscriber = Subscriber.new(:id => 'webster123', :name => 'nice try')
93
- assert_nil subscriber.id
94
-
95
- keyboard = Keyboard.new(:id => 9, :name => 'nice try')
96
- assert_nil keyboard.id
97
- end
98
-
99
- def test_mass_assigning_invalid_attribute
100
- firm = Firm.new
101
-
102
- assert_raise(ActiveRecord::UnknownAttributeError) do
103
- firm.attributes = { "id" => 5, "type" => "Client", "i_dont_even_exist" => 20 }
104
- end
105
- end
106
-
107
- def test_mass_assigning_does_not_choke_on_nil
108
- assert_nil Firm.new.assign_attributes(nil)
109
- end
110
-
111
- def test_mass_assigning_does_not_choke_on_empty_hash
112
- assert_nil Firm.new.assign_attributes({})
113
- end
114
-
115
- def test_assign_attributes_uses_default_role_when_no_role_is_provided
116
- p = LoosePerson.new
117
- p.assign_attributes(attributes_hash)
118
-
119
- assert_default_attributes(p)
120
- end
121
-
122
- def test_assign_attributes_skips_mass_assignment_security_protection_when_without_protection_is_used
123
- p = LoosePerson.new
124
- p.assign_attributes(attributes_hash, :without_protection => true)
125
-
126
- assert_all_attributes(p)
127
- end
128
-
129
- def test_assign_attributes_with_default_role_and_attr_protected_attributes
130
- p = LoosePerson.new
131
- p.assign_attributes(attributes_hash, :as => :default)
132
-
133
- assert_default_attributes(p)
134
- end
135
-
136
- def test_assign_attributes_with_admin_role_and_attr_protected_attributes
137
- p = LoosePerson.new
138
- p.assign_attributes(attributes_hash, :as => :admin)
139
-
140
- assert_admin_attributes(p)
141
- end
142
-
143
- def test_assign_attributes_with_default_role_and_attr_accessible_attributes
144
- p = TightPerson.new
145
- p.assign_attributes(attributes_hash, :as => :default)
146
-
147
- assert_default_attributes(p)
148
- end
149
-
150
- def test_assign_attributes_with_admin_role_and_attr_accessible_attributes
151
- p = TightPerson.new
152
- p.assign_attributes(attributes_hash, :as => :admin)
153
-
154
- assert_admin_attributes(p)
155
- end
156
-
157
- def test_new_with_attr_accessible_attributes
158
- p = TightPerson.new(attributes_hash)
159
-
160
- assert_default_attributes(p)
161
- end
162
-
163
- def test_new_with_attr_protected_attributes
164
- p = LoosePerson.new(attributes_hash)
165
-
166
- assert_default_attributes(p)
167
- end
168
-
169
- def test_create_with_attr_accessible_attributes
170
- p = TightPerson.create(attributes_hash)
171
-
172
- assert_default_attributes(p, true)
173
- end
174
-
175
- def test_create_with_attr_protected_attributes
176
- p = LoosePerson.create(attributes_hash)
177
-
178
- assert_default_attributes(p, true)
179
- end
180
-
181
- def test_new_with_admin_role_with_attr_accessible_attributes
182
- p = TightPerson.new(attributes_hash, :as => :admin)
183
-
184
- assert_admin_attributes(p)
185
- end
186
-
187
- def test_new_with_admin_role_with_attr_protected_attributes
188
- p = LoosePerson.new(attributes_hash, :as => :admin)
189
-
190
- assert_admin_attributes(p)
191
- end
192
-
193
- def test_create_with_admin_role_with_attr_accessible_attributes
194
- p = TightPerson.create(attributes_hash, :as => :admin)
195
-
196
- assert_admin_attributes(p, true)
197
- end
198
-
199
- def test_create_with_admin_role_with_attr_protected_attributes
200
- p = LoosePerson.create(attributes_hash, :as => :admin)
201
-
202
- assert_admin_attributes(p, true)
203
- end
204
-
205
- def test_create_with_bang_with_admin_role_with_attr_accessible_attributes
206
- p = TightPerson.create!(attributes_hash, :as => :admin)
207
-
208
- assert_admin_attributes(p, true)
209
- end
210
-
211
- def test_create_with_bang_with_admin_role_with_attr_protected_attributes
212
- p = LoosePerson.create!(attributes_hash, :as => :admin)
213
-
214
- assert_admin_attributes(p, true)
215
- end
216
-
217
- def test_new_with_without_protection_with_attr_accessible_attributes
218
- p = TightPerson.new(attributes_hash, :without_protection => true)
219
-
220
- assert_all_attributes(p)
221
- end
222
-
223
- def test_new_with_without_protection_with_attr_protected_attributes
224
- p = LoosePerson.new(attributes_hash, :without_protection => true)
225
-
226
- assert_all_attributes(p)
227
- end
228
-
229
- def test_create_with_without_protection_with_attr_accessible_attributes
230
- p = TightPerson.create(attributes_hash, :without_protection => true)
231
-
232
- assert_all_attributes(p)
233
- end
234
-
235
- def test_create_with_without_protection_with_attr_protected_attributes
236
- p = LoosePerson.create(attributes_hash, :without_protection => true)
237
-
238
- assert_all_attributes(p)
239
- end
240
-
241
- def test_create_with_bang_with_without_protection_with_attr_accessible_attributes
242
- p = TightPerson.create!(attributes_hash, :without_protection => true)
243
-
244
- assert_all_attributes(p)
245
- end
246
-
247
- def test_create_with_bang_with_without_protection_with_attr_protected_attributes
248
- p = LoosePerson.create!(attributes_hash, :without_protection => true)
249
-
250
- assert_all_attributes(p)
251
- end
252
-
253
- def test_protection_against_class_attribute_writers
254
- attribute_writers = [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
255
- :default_timezone, :schema_format, :lock_optimistically, :timestamped_migrations, :default_scopes,
256
- :connection_handler, :nested_attributes_options,
257
- :attribute_method_matchers, :time_zone_aware_attributes, :skip_time_zone_conversion_for_attributes]
258
-
259
- attribute_writers.push(:_attr_readonly) if active_record_40?
260
-
261
- attribute_writers.each do |method|
262
- assert_respond_to Task, method
263
- assert_respond_to Task, "#{method}="
264
- assert_respond_to Task.new, method unless method == :configurations && !active_record_40?
265
- assert !Task.new.respond_to?("#{method}=")
266
- end
267
- end
268
-
269
- def test_new_with_protected_inheritance_column
270
- firm = Company.new(type: "Firm")
271
- assert_equal Company, firm.class
272
- end
273
-
274
- def test_new_with_accessible_inheritance_column
275
- corporation = Corporation.new(type: "SpecialCorporation")
276
- assert_equal SpecialCorporation, corporation.class
277
- end
278
-
279
- def test_new_with_invalid_inheritance_column_class
280
- assert_raise(ActiveRecord::SubclassNotFound) { Corporation.new(type: "InvalidCorporation") }
281
- end
282
-
283
- def test_new_with_unrelated_inheritance_column_class
284
- assert_raise(ActiveRecord::SubclassNotFound) { Corporation.new(type: "Person") }
285
- end
286
-
287
- def test_update_attributes_as_admin
288
- person = TightPerson.create({ "first_name" => 'Joshua' })
289
- person.update_attributes({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :as => :admin)
290
- person.reload
291
-
292
- assert_equal 'Josh', person.first_name
293
- assert_equal 'm', person.gender
294
- assert_equal 'from NZ', person.comments
295
- end
296
-
297
- def test_update_attributes_without_protection
298
- person = TightPerson.create({ "first_name" => 'Joshua' })
299
- person.update_attributes({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :without_protection => true)
300
- person.reload
301
-
302
- assert_equal 'Josh', person.first_name
303
- assert_equal 'm', person.gender
304
- assert_equal 'from NZ', person.comments
305
- end
306
-
307
- def test_update_attributes_with_bang_as_admin
308
- person = TightPerson.create({ "first_name" => 'Joshua' })
309
- person.update_attributes!({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :as => :admin)
310
- person.reload
311
-
312
- assert_equal 'Josh', person.first_name
313
- assert_equal 'm', person.gender
314
- assert_equal 'from NZ', person.comments
315
- end
316
-
317
- def test_update_attributes_with_bang_without_protection
318
- person = TightPerson.create({ "first_name" => 'Joshua' })
319
- person.update_attributes!({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :without_protection => true)
320
- person.reload
321
-
322
- assert_equal 'Josh', person.first_name
323
- assert_equal 'm', person.gender
324
- assert_equal 'from NZ', person.comments
325
- end
326
-
327
- def test_update_as_admin
328
- person = TightPerson.create({ "first_name" => 'Joshua' })
329
- person.update({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :as => :admin)
330
- person.reload
331
-
332
- assert_equal 'Josh', person.first_name
333
- assert_equal 'm', person.gender
334
- assert_equal 'from NZ', person.comments
335
- end
336
-
337
- def test_update_without_protection
338
- person = TightPerson.create({ "first_name" => 'Joshua' })
339
- person.update({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :without_protection => true)
340
- person.reload
341
-
342
- assert_equal 'Josh', person.first_name
343
- assert_equal 'm', person.gender
344
- assert_equal 'from NZ', person.comments
345
- end
346
-
347
- def test_update_with_bang_as_admin
348
- person = TightPerson.create({ "first_name" => 'Joshua' })
349
- person.update!({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :as => :admin)
350
- person.reload
351
-
352
- assert_equal 'Josh', person.first_name
353
- assert_equal 'm', person.gender
354
- assert_equal 'from NZ', person.comments
355
- end
356
-
357
- def test_update_with_bang_without_protection
358
- person = TightPerson.create({ "first_name" => 'Joshua' })
359
- person.update!({ "first_name" => 'Josh', "gender" => 'm', "comments" => 'from NZ' }, :without_protection => true)
360
- person.reload
361
-
362
- assert_equal 'Josh', person.first_name
363
- assert_equal 'm', person.gender
364
- assert_equal 'from NZ', person.comments
365
- end
366
- end
367
-
368
-
369
- if active_record_40?
370
- # This class should be deleted when we remove activerecord-deprecated_finders as a
371
- # dependency.
372
- class MassAssignmentSecurityDeprecatedFindersTest < ActiveSupport::TestCase
373
- include MassAssignmentTestHelpers
374
-
375
- def setup
376
- super
377
- @deprecation_behavior = ActiveSupport::Deprecation.behavior
378
- ActiveSupport::Deprecation.behavior = :silence
379
- end
380
-
381
- def teardown
382
- super
383
- ActiveSupport::Deprecation.behavior = @deprecation_behavior
384
- end
385
-
386
- def test_find_or_initialize_by_with_attr_accessible_attributes
387
- p = TightPerson.find_or_initialize_by_first_name('Josh', attributes_hash)
388
-
389
- assert_default_attributes(p)
390
- end
391
-
392
- def test_find_or_initialize_by_with_admin_role_with_attr_accessible_attributes
393
- p = TightPerson.find_or_initialize_by_first_name('Josh', attributes_hash, :as => :admin)
394
-
395
- assert_admin_attributes(p)
396
- end
397
-
398
- def test_find_or_initialize_by_with_attr_protected_attributes
399
- p = LoosePerson.find_or_initialize_by_first_name('Josh', attributes_hash)
400
-
401
- assert_default_attributes(p)
402
- end
403
-
404
- def test_find_or_initialize_by_with_admin_role_with_attr_protected_attributes
405
- p = LoosePerson.find_or_initialize_by_first_name('Josh', attributes_hash, :as => :admin)
406
-
407
- assert_admin_attributes(p)
408
- end
409
-
410
- def test_find_or_create_by_with_attr_accessible_attributes
411
- p = TightPerson.find_or_create_by_first_name('Josh', attributes_hash)
412
-
413
- assert_default_attributes(p, true)
414
- end
415
-
416
- def test_find_or_create_by_with_admin_role_with_attr_accessible_attributes
417
- p = TightPerson.find_or_create_by_first_name('Josh', attributes_hash, :as => :admin)
418
-
419
- assert_admin_attributes(p, true)
420
- end
421
-
422
- def test_find_or_create_by_with_attr_protected_attributes
423
- p = LoosePerson.find_or_create_by_first_name('Josh', attributes_hash)
424
-
425
- assert_default_attributes(p, true)
426
- end
427
-
428
- def test_find_or_create_by_with_admin_role_with_attr_protected_attributes
429
- p = LoosePerson.find_or_create_by_first_name('Josh', attributes_hash, :as => :admin)
430
-
431
- assert_admin_attributes(p, true)
432
- end
433
- end
434
- end
435
-
436
- class MassAssignmentSecurityHasOneRelationsTest < ActiveSupport::TestCase
437
- include MassAssignmentTestHelpers
438
- include MassAssignmentRelationTestHelpers
439
-
440
- # build
441
-
442
- def test_has_one_build_with_attr_protected_attributes
443
- best_friend = @person.build_best_friend(attributes_hash)
444
- assert_default_attributes(best_friend)
445
- end
446
-
447
- def test_has_one_build_with_attr_accessible_attributes
448
- best_friend = @person.build_best_friend(attributes_hash)
449
- assert_default_attributes(best_friend)
450
- end
451
-
452
- def test_has_one_build_with_admin_role_with_attr_protected_attributes
453
- best_friend = @person.build_best_friend(attributes_hash, :as => :admin)
454
- assert_admin_attributes(best_friend)
455
- end
456
-
457
- def test_has_one_build_with_admin_role_with_attr_accessible_attributes
458
- best_friend = @person.build_best_friend(attributes_hash, :as => :admin)
459
- assert_admin_attributes(best_friend)
460
- end
461
-
462
- def test_has_one_build_without_protection
463
- best_friend = @person.build_best_friend(attributes_hash, :without_protection => true)
464
- assert_all_attributes(best_friend)
465
- end
466
-
467
- def test_has_one_build_with_strict_sanitizer
468
- with_strict_sanitizer do
469
- best_friend = @person.build_best_friend(attributes_hash.except(:id, :comments))
470
- assert_equal @person.id, best_friend.best_friend_id
471
- end
472
- end
473
-
474
- # create
475
-
476
- def test_has_one_create_with_attr_protected_attributes
477
- best_friend = @person.create_best_friend(attributes_hash)
478
- assert_default_attributes(best_friend, true)
479
- end
480
-
481
- def test_has_one_create_with_attr_accessible_attributes
482
- best_friend = @person.create_best_friend(attributes_hash)
483
- assert_default_attributes(best_friend, true)
484
- end
485
-
486
- def test_has_one_create_with_admin_role_with_attr_protected_attributes
487
- best_friend = @person.create_best_friend(attributes_hash, :as => :admin)
488
- assert_admin_attributes(best_friend, true)
489
- end
490
-
491
- def test_has_one_create_with_admin_role_with_attr_accessible_attributes
492
- best_friend = @person.create_best_friend(attributes_hash, :as => :admin)
493
- assert_admin_attributes(best_friend, true)
494
- end
495
-
496
- def test_has_one_create_without_protection
497
- best_friend = @person.create_best_friend(attributes_hash, :without_protection => true)
498
- assert_all_attributes(best_friend)
499
- end
500
-
501
- def test_has_one_create_with_strict_sanitizer
502
- with_strict_sanitizer do
503
- best_friend = @person.create_best_friend(attributes_hash.except(:id, :comments))
504
- assert_equal @person.id, best_friend.best_friend_id
505
- end
506
- end
507
-
508
- # create!
509
-
510
- def test_has_one_create_with_bang_with_attr_protected_attributes
511
- best_friend = @person.create_best_friend!(attributes_hash)
512
- assert_default_attributes(best_friend, true)
513
- end
514
-
515
- def test_has_one_create_with_bang_with_attr_accessible_attributes
516
- best_friend = @person.create_best_friend!(attributes_hash)
517
- assert_default_attributes(best_friend, true)
518
- end
519
-
520
- def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes
521
- best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
522
- assert_admin_attributes(best_friend, true)
523
- end
524
-
525
- def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes
526
- best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
527
- assert_admin_attributes(best_friend, true)
528
- end
529
-
530
- def test_has_one_create_with_bang_without_protection
531
- best_friend = @person.create_best_friend!(attributes_hash, :without_protection => true)
532
- assert_all_attributes(best_friend)
533
- end
534
-
535
- def test_has_one_create_with_bang_with_strict_sanitizer
536
- with_strict_sanitizer do
537
- best_friend = @person.create_best_friend!(attributes_hash.except(:id, :comments))
538
- assert_equal @person.id, best_friend.best_friend_id
539
- end
540
- end
541
-
542
- end
543
-
544
-
545
- class MassAssignmentSecurityBelongsToRelationsTest < ActiveSupport::TestCase
546
- include MassAssignmentTestHelpers
547
- include MassAssignmentRelationTestHelpers
548
-
549
- # build
550
-
551
- def test_belongs_to_build_with_attr_protected_attributes
552
- best_friend = @person.build_best_friend_of(attributes_hash)
553
- assert_default_attributes(best_friend)
554
- end
555
-
556
- def test_belongs_to_build_with_attr_accessible_attributes
557
- best_friend = @person.build_best_friend_of(attributes_hash)
558
- assert_default_attributes(best_friend)
559
- end
560
-
561
- def test_belongs_to_build_with_admin_role_with_attr_protected_attributes
562
- best_friend = @person.build_best_friend_of(attributes_hash, :as => :admin)
563
- assert_admin_attributes(best_friend)
564
- end
565
-
566
- def test_belongs_to_build_with_admin_role_with_attr_accessible_attributes
567
- best_friend = @person.build_best_friend_of(attributes_hash, :as => :admin)
568
- assert_admin_attributes(best_friend)
569
- end
570
-
571
- def test_belongs_to_build_without_protection
572
- best_friend = @person.build_best_friend_of(attributes_hash, :without_protection => true)
573
- assert_all_attributes(best_friend)
574
- end
575
-
576
- # create
577
-
578
- def test_belongs_to_create_with_attr_protected_attributes
579
- best_friend = @person.create_best_friend_of(attributes_hash)
580
- assert_default_attributes(best_friend, true)
581
- end
582
-
583
- def test_belongs_to_create_with_attr_accessible_attributes
584
- best_friend = @person.create_best_friend_of(attributes_hash)
585
- assert_default_attributes(best_friend, true)
586
- end
587
-
588
- def test_belongs_to_create_with_admin_role_with_attr_protected_attributes
589
- best_friend = @person.create_best_friend_of(attributes_hash, :as => :admin)
590
- assert_admin_attributes(best_friend, true)
591
- end
592
-
593
- def test_belongs_to_create_with_admin_role_with_attr_accessible_attributes
594
- best_friend = @person.create_best_friend_of(attributes_hash, :as => :admin)
595
- assert_admin_attributes(best_friend, true)
596
- end
597
-
598
- def test_belongs_to_create_without_protection
599
- best_friend = @person.create_best_friend_of(attributes_hash, :without_protection => true)
600
- assert_all_attributes(best_friend)
601
- end
602
-
603
- def test_belongs_to_create_with_strict_sanitizer
604
- with_strict_sanitizer do
605
- best_friend = @person.create_best_friend_of(attributes_hash.except(:id, :comments))
606
- assert_equal best_friend.id, @person.best_friend_of_id
607
- end
608
- end
609
-
610
- # create!
611
-
612
- def test_belongs_to_create_with_bang_with_attr_protected_attributes
613
- best_friend = @person.create_best_friend!(attributes_hash)
614
- assert_default_attributes(best_friend, true)
615
- end
616
-
617
- def test_belongs_to_create_with_bang_with_attr_accessible_attributes
618
- best_friend = @person.create_best_friend!(attributes_hash)
619
- assert_default_attributes(best_friend, true)
620
- end
621
-
622
- def test_belongs_to_create_with_bang_with_admin_role_with_attr_protected_attributes
623
- best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
624
- assert_admin_attributes(best_friend, true)
625
- end
626
-
627
- def test_belongs_to_create_with_bang_with_admin_role_with_attr_accessible_attributes
628
- best_friend = @person.create_best_friend!(attributes_hash, :as => :admin)
629
- assert_admin_attributes(best_friend, true)
630
- end
631
-
632
- def test_belongs_to_create_with_bang_without_protection
633
- best_friend = @person.create_best_friend!(attributes_hash, :without_protection => true)
634
- assert_all_attributes(best_friend)
635
- end
636
-
637
- def test_belongs_to_create_with_bang_with_strict_sanitizer
638
- with_strict_sanitizer do
639
- best_friend = @person.create_best_friend_of!(attributes_hash.except(:id, :comments))
640
- assert_equal best_friend.id, @person.best_friend_of_id
641
- end
642
- end
643
-
644
- end
645
-
646
-
647
- class MassAssignmentSecurityHasManyRelationsTest < ActiveSupport::TestCase
648
- include MassAssignmentTestHelpers
649
- include MassAssignmentRelationTestHelpers
650
-
651
- # build
652
-
653
- def test_has_many_build_with_attr_protected_attributes
654
- best_friend = @person.best_friends.build(attributes_hash)
655
- assert_default_attributes(best_friend)
656
- end
657
-
658
- def test_has_many_build_with_attr_accessible_attributes
659
- best_friend = @person.best_friends.build(attributes_hash)
660
- assert_default_attributes(best_friend)
661
- end
662
-
663
- def test_has_many_build_with_admin_role_with_attr_protected_attributes
664
- best_friend = @person.best_friends.build(attributes_hash, :as => :admin)
665
- assert_admin_attributes(best_friend)
666
- end
667
-
668
- def test_has_many_build_with_admin_role_with_attr_accessible_attributes
669
- best_friend = @person.best_friends.build(attributes_hash, :as => :admin)
670
- assert_admin_attributes(best_friend)
671
- end
672
-
673
- def test_has_many_build_without_protection
674
- best_friend = @person.best_friends.build(attributes_hash, :without_protection => true)
675
- assert_all_attributes(best_friend)
676
- end
677
-
678
- def test_has_many_build_with_strict_sanitizer
679
- with_strict_sanitizer do
680
- best_friend = @person.best_friends.build(attributes_hash.except(:id, :comments))
681
- assert_equal @person.id, best_friend.best_friend_id
682
- end
683
- end
684
-
685
- def test_has_many_through_build_with_attr_accessible_attributes
686
- group = Group.create!
687
- pirate = group.members.build(name: "Murphy")
688
- assert_equal "Murphy", pirate.name
689
- end
690
-
691
- # new
692
-
693
- def test_has_many_new_with_attr_protected_attributes
694
- best_friend = @person.best_friends.new(attributes_hash)
695
- assert_default_attributes(best_friend)
696
- end
697
-
698
- def test_has_many_new_with_attr_accessible_attributes
699
- best_friend = @person.best_friends.new(attributes_hash)
700
- assert_default_attributes(best_friend)
701
- end
702
-
703
- def test_has_many_new_with_admin_role_with_attr_protected_attributes
704
- best_friend = @person.best_friends.new(attributes_hash, :as => :admin)
705
- assert_admin_attributes(best_friend)
706
- end
707
-
708
- def test_has_many_new_with_admin_role_with_attr_accessible_attributes
709
- best_friend = @person.best_friends.new(attributes_hash, :as => :admin)
710
- assert_admin_attributes(best_friend)
711
- end
712
-
713
- def test_has_many_new_without_protection
714
- best_friend = @person.best_friends.new(attributes_hash, :without_protection => true)
715
- assert_all_attributes(best_friend)
716
- end
717
-
718
- def test_has_many_new_with_strict_sanitizer
719
- with_strict_sanitizer do
720
- best_friend = @person.best_friends.new(attributes_hash.except(:id, :comments))
721
- assert_equal @person.id, best_friend.best_friend_id
722
- end
723
- end
724
-
725
- # create
726
-
727
- def test_has_many_create_with_attr_protected_attributes
728
- best_friend = @person.best_friends.create(attributes_hash)
729
- assert_default_attributes(best_friend, true)
730
- end
731
-
732
- def test_has_many_create_with_attr_accessible_attributes
733
- best_friend = @person.best_friends.create(attributes_hash)
734
- assert_default_attributes(best_friend, true)
735
- end
736
-
737
- def test_has_many_create_with_admin_role_with_attr_protected_attributes
738
- best_friend = @person.best_friends.create(attributes_hash, :as => :admin)
739
- assert_admin_attributes(best_friend, true)
740
- end
741
-
742
- def test_has_many_create_with_admin_role_with_attr_accessible_attributes
743
- best_friend = @person.best_friends.create(attributes_hash, :as => :admin)
744
- assert_admin_attributes(best_friend, true)
745
- end
746
-
747
- def test_has_many_create_without_protection
748
- best_friend = @person.best_friends.create(attributes_hash, :without_protection => true)
749
- assert_all_attributes(best_friend)
750
- end
751
-
752
- def test_has_many_create_with_strict_sanitizer
753
- with_strict_sanitizer do
754
- best_friend = @person.best_friends.create(attributes_hash.except(:id, :comments))
755
- assert_equal @person.id, best_friend.best_friend_id
756
- end
757
- end
758
-
759
- # create!
760
-
761
- def test_has_many_create_with_bang_with_attr_protected_attributes
762
- best_friend = @person.best_friends.create!(attributes_hash)
763
- assert_default_attributes(best_friend, true)
764
- end
765
-
766
- def test_has_many_create_with_bang_with_attr_accessible_attributes
767
- best_friend = @person.best_friends.create!(attributes_hash)
768
- assert_default_attributes(best_friend, true)
769
- end
770
-
771
- def test_has_many_create_with_bang_with_admin_role_with_attr_protected_attributes
772
- best_friend = @person.best_friends.create!(attributes_hash, :as => :admin)
773
- assert_admin_attributes(best_friend, true)
774
- end
775
-
776
- def test_has_many_create_with_bang_with_admin_role_with_attr_accessible_attributes
777
- best_friend = @person.best_friends.create!(attributes_hash, :as => :admin)
778
- assert_admin_attributes(best_friend, true)
779
- end
780
-
781
- def test_has_many_create_with_bang_without_protection
782
- best_friend = @person.best_friends.create!(attributes_hash, :without_protection => true)
783
- assert_all_attributes(best_friend)
784
- end
785
-
786
- def test_has_many_create_with_bang_with_strict_sanitizer
787
- with_strict_sanitizer do
788
- best_friend = @person.best_friends.create!(attributes_hash.except(:id, :comments))
789
- assert_equal @person.id, best_friend.best_friend_id
790
- end
791
- end
792
-
793
- # concat
794
-
795
- def test_concat_has_many_through_association_member
796
- group = Group.create!
797
- pirate = Pirate.create!
798
- group.members << pirate
799
- assert_equal pirate.memberships.first, group.memberships.first
800
- end
801
-
802
- def test_concat_has_many_through_polymorphic_association
803
- team = Team.create!
804
- vampire = Vampire.create!
805
- wolf = Wolf.create!
806
-
807
- team.vampire_battles << vampire
808
- wolf.teams << team
809
- assert_equal team.wolf_battles.first, wolf
810
- end
811
- end
812
-
813
-
814
- class MassAssignmentSecurityNestedAttributesTest < ActiveSupport::TestCase
815
- include MassAssignmentTestHelpers
816
-
817
- def nested_attributes_hash(association, collection = false, except = [:id])
818
- if collection
819
- { :first_name => 'David' }.merge(:"#{association}_attributes" => [attributes_hash.except(*except)])
820
- else
821
- { :first_name => 'David' }.merge(:"#{association}_attributes" => attributes_hash.except(*except))
822
- end
823
- end
824
-
825
- # build
826
-
827
- def test_has_one_new_with_attr_protected_attributes
828
- person = LoosePerson.new(nested_attributes_hash(:best_friend))
829
- assert_default_attributes(person.best_friend)
830
- end
831
-
832
- def test_has_one_new_with_attr_accessible_attributes
833
- person = TightPerson.new(nested_attributes_hash(:best_friend))
834
- assert_default_attributes(person.best_friend)
835
- end
836
-
837
- def test_has_one_new_with_admin_role_with_attr_protected_attributes
838
- person = LoosePerson.new(nested_attributes_hash(:best_friend), :as => :admin)
839
- assert_admin_attributes(person.best_friend)
840
- end
841
-
842
- def test_has_one_new_with_admin_role_with_attr_accessible_attributes
843
- person = TightPerson.new(nested_attributes_hash(:best_friend), :as => :admin)
844
- assert_admin_attributes(person.best_friend)
845
- end
846
-
847
- def test_has_one_new_without_protection
848
- person = LoosePerson.new(nested_attributes_hash(:best_friend, false, nil), :without_protection => true)
849
- assert_all_attributes(person.best_friend)
850
- end
851
-
852
- def test_belongs_to_new_with_attr_protected_attributes
853
- person = LoosePerson.new(nested_attributes_hash(:best_friend_of))
854
- assert_default_attributes(person.best_friend_of)
855
- end
856
-
857
- def test_belongs_to_new_with_attr_accessible_attributes
858
- person = TightPerson.new(nested_attributes_hash(:best_friend_of))
859
- assert_default_attributes(person.best_friend_of)
860
- end
861
-
862
- def test_belongs_to_new_with_admin_role_with_attr_protected_attributes
863
- person = LoosePerson.new(nested_attributes_hash(:best_friend_of), :as => :admin)
864
- assert_admin_attributes(person.best_friend_of)
865
- end
866
-
867
- def test_belongs_to_new_with_admin_role_with_attr_accessible_attributes
868
- person = TightPerson.new(nested_attributes_hash(:best_friend_of), :as => :admin)
869
- assert_admin_attributes(person.best_friend_of)
870
- end
871
-
872
- def test_belongs_to_new_without_protection
873
- person = LoosePerson.new(nested_attributes_hash(:best_friend_of, false, nil), :without_protection => true)
874
- assert_all_attributes(person.best_friend_of)
875
- end
876
-
877
- def test_has_many_new_with_attr_protected_attributes
878
- person = LoosePerson.new(nested_attributes_hash(:best_friends, true))
879
- assert_default_attributes(person.best_friends.first)
880
- end
881
-
882
- def test_has_many_new_with_attr_accessible_attributes
883
- person = TightPerson.new(nested_attributes_hash(:best_friends, true))
884
- assert_default_attributes(person.best_friends.first)
885
- end
886
-
887
- def test_has_many_new_with_admin_role_with_attr_protected_attributes
888
- person = LoosePerson.new(nested_attributes_hash(:best_friends, true), :as => :admin)
889
- assert_admin_attributes(person.best_friends.first)
890
- end
891
-
892
- def test_has_many_new_with_admin_role_with_attr_accessible_attributes
893
- person = TightPerson.new(nested_attributes_hash(:best_friends, true), :as => :admin)
894
- assert_admin_attributes(person.best_friends.first)
895
- end
896
-
897
- def test_has_many_new_without_protection
898
- person = LoosePerson.new(nested_attributes_hash(:best_friends, true, nil), :without_protection => true)
899
- assert_all_attributes(person.best_friends.first)
900
- end
901
-
902
- # create
903
-
904
- def test_has_one_create_with_attr_protected_attributes
905
- person = LoosePerson.create(nested_attributes_hash(:best_friend))
906
- assert_default_attributes(person.best_friend, true)
907
- end
908
-
909
- def test_has_one_create_with_attr_accessible_attributes
910
- person = TightPerson.create(nested_attributes_hash(:best_friend))
911
- assert_default_attributes(person.best_friend, true)
912
- end
913
-
914
- def test_has_one_create_with_admin_role_with_attr_protected_attributes
915
- person = LoosePerson.create(nested_attributes_hash(:best_friend), :as => :admin)
916
- assert_admin_attributes(person.best_friend, true)
917
- end
918
-
919
- def test_has_one_create_with_admin_role_with_attr_accessible_attributes
920
- person = TightPerson.create(nested_attributes_hash(:best_friend), :as => :admin)
921
- assert_admin_attributes(person.best_friend, true)
922
- end
923
-
924
- def test_has_one_create_without_protection
925
- person = LoosePerson.create(nested_attributes_hash(:best_friend, false, nil), :without_protection => true)
926
- assert_all_attributes(person.best_friend)
927
- end
928
-
929
- def test_belongs_to_create_with_attr_protected_attributes
930
- person = LoosePerson.create(nested_attributes_hash(:best_friend_of))
931
- assert_default_attributes(person.best_friend_of, true)
932
- end
933
-
934
- def test_belongs_to_create_with_attr_accessible_attributes
935
- person = TightPerson.create(nested_attributes_hash(:best_friend_of))
936
- assert_default_attributes(person.best_friend_of, true)
937
- end
938
-
939
- def test_belongs_to_create_with_admin_role_with_attr_protected_attributes
940
- person = LoosePerson.create(nested_attributes_hash(:best_friend_of), :as => :admin)
941
- assert_admin_attributes(person.best_friend_of, true)
942
- end
943
-
944
- def test_belongs_to_create_with_admin_role_with_attr_accessible_attributes
945
- person = TightPerson.create(nested_attributes_hash(:best_friend_of), :as => :admin)
946
- assert_admin_attributes(person.best_friend_of, true)
947
- end
948
-
949
- def test_belongs_to_create_without_protection
950
- person = LoosePerson.create(nested_attributes_hash(:best_friend_of, false, nil), :without_protection => true)
951
- assert_all_attributes(person.best_friend_of)
952
- end
953
-
954
- def test_has_many_create_with_attr_protected_attributes
955
- person = LoosePerson.create(nested_attributes_hash(:best_friends, true))
956
- assert_default_attributes(person.best_friends.first, true)
957
- end
958
-
959
- def test_has_many_create_with_attr_accessible_attributes
960
- person = TightPerson.create(nested_attributes_hash(:best_friends, true))
961
- assert_default_attributes(person.best_friends.first, true)
962
- end
963
-
964
- def test_has_many_create_with_admin_role_with_attr_protected_attributes
965
- person = LoosePerson.create(nested_attributes_hash(:best_friends, true), :as => :admin)
966
- assert_admin_attributes(person.best_friends.first, true)
967
- end
968
-
969
- def test_has_many_create_with_admin_role_with_attr_accessible_attributes
970
- person = TightPerson.create(nested_attributes_hash(:best_friends, true), :as => :admin)
971
- assert_admin_attributes(person.best_friends.first, true)
972
- end
973
-
974
- def test_has_many_create_without_protection
975
- person = LoosePerson.create(nested_attributes_hash(:best_friends, true, nil), :without_protection => true)
976
- assert_all_attributes(person.best_friends.first)
977
- end
978
-
979
- # create!
980
-
981
- def test_has_one_create_with_bang_with_attr_protected_attributes
982
- person = LoosePerson.create!(nested_attributes_hash(:best_friend))
983
- assert_default_attributes(person.best_friend, true)
984
- end
985
-
986
- def test_has_one_create_with_bang_with_attr_accessible_attributes
987
- person = TightPerson.create!(nested_attributes_hash(:best_friend))
988
- assert_default_attributes(person.best_friend, true)
989
- end
990
-
991
- def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes
992
- person = LoosePerson.create!(nested_attributes_hash(:best_friend), :as => :admin)
993
- assert_admin_attributes(person.best_friend, true)
994
- end
995
-
996
- def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes
997
- person = TightPerson.create!(nested_attributes_hash(:best_friend), :as => :admin)
998
- assert_admin_attributes(person.best_friend, true)
999
- end
1000
-
1001
- def test_has_one_create_with_bang_without_protection
1002
- person = LoosePerson.create!(nested_attributes_hash(:best_friend, false, nil), :without_protection => true)
1003
- assert_all_attributes(person.best_friend)
1004
- end
1005
-
1006
- def test_belongs_to_create_with_bang_with_attr_protected_attributes
1007
- person = LoosePerson.create!(nested_attributes_hash(:best_friend_of))
1008
- assert_default_attributes(person.best_friend_of, true)
1009
- end
1010
-
1011
- def test_belongs_to_create_with_bang_with_attr_accessible_attributes
1012
- person = TightPerson.create!(nested_attributes_hash(:best_friend_of))
1013
- assert_default_attributes(person.best_friend_of, true)
1014
- end
1015
-
1016
- def test_belongs_to_create_with_bang_with_admin_role_with_attr_protected_attributes
1017
- person = LoosePerson.create!(nested_attributes_hash(:best_friend_of), :as => :admin)
1018
- assert_admin_attributes(person.best_friend_of, true)
1019
- end
1020
-
1021
- def test_belongs_to_create_with_bang_with_admin_role_with_attr_accessible_attributes
1022
- person = TightPerson.create!(nested_attributes_hash(:best_friend_of), :as => :admin)
1023
- assert_admin_attributes(person.best_friend_of, true)
1024
- end
1025
-
1026
- def test_belongs_to_create_with_bang_without_protection
1027
- person = LoosePerson.create!(nested_attributes_hash(:best_friend_of, false, nil), :without_protection => true)
1028
- assert_all_attributes(person.best_friend_of)
1029
- end
1030
-
1031
- def test_has_many_create_with_bang_with_attr_protected_attributes
1032
- person = LoosePerson.create!(nested_attributes_hash(:best_friends, true))
1033
- assert_default_attributes(person.best_friends.first, true)
1034
- end
1035
-
1036
- def test_has_many_create_with_bang_with_attr_accessible_attributes
1037
- person = TightPerson.create!(nested_attributes_hash(:best_friends, true))
1038
- assert_default_attributes(person.best_friends.first, true)
1039
- end
1040
-
1041
- def test_has_many_create_with_bang_with_admin_role_with_attr_protected_attributes
1042
- person = LoosePerson.create!(nested_attributes_hash(:best_friends, true), :as => :admin)
1043
- assert_admin_attributes(person.best_friends.first, true)
1044
- end
1045
-
1046
- def test_has_many_create_with_bang_with_admin_role_with_attr_accessible_attributes
1047
- person = TightPerson.create!(nested_attributes_hash(:best_friends, true), :as => :admin)
1048
- assert_admin_attributes(person.best_friends.first, true)
1049
- end
1050
-
1051
- def test_has_many_create_with_bang_without_protection
1052
- person = LoosePerson.create!(nested_attributes_hash(:best_friends, true, nil), :without_protection => true)
1053
- assert_all_attributes(person.best_friends.first)
1054
- end
1055
-
1056
- def test_mass_assignment_options_are_reset_after_exception
1057
- person = NestedPerson.create!({ :first_name => 'David', :gender => 'm' }, :as => :admin)
1058
- person.create_best_friend!({ :first_name => 'Jeremy', :gender => 'm' }, :as => :admin)
1059
-
1060
- attributes = { :best_friend_attributes => { :comments => 'rides a sweet bike' } }
1061
- assert_raises(RuntimeError) { person.assign_attributes(attributes, :as => :admin) }
1062
- assert_equal 'm', person.best_friend.gender
1063
-
1064
- person.best_friend_attributes = { :gender => 'f' }
1065
- assert_equal 'm', person.best_friend.gender
1066
- end
1067
-
1068
- def test_mass_assignment_options_are_nested_correctly
1069
- person = NestedPerson.create!({ :first_name => 'David', :gender => 'm' }, :as => :admin)
1070
- person.create_best_friend!({ :first_name => 'Jeremy', :gender => 'm' }, :as => :admin)
1071
-
1072
- attributes = { :best_friend_first_name => 'Josh', :best_friend_attributes => { :gender => 'f' } }
1073
- person.assign_attributes(attributes, :as => :admin)
1074
- assert_equal 'Josh', person.best_friend.first_name
1075
- assert_equal 'f', person.best_friend.gender
1076
- end
1077
- end