protected_attributes 1.0.9 → 1.1.0

data/test/mass_assignment_security/black_list_test.rb

@@ -1,21 +0,0 @@
-require 'test_helper'
-require 'active_model/mass_assignment_security'
-
-class BlackListTest < ActiveModel::TestCase
-
-  def setup
-    @black_list   = ActiveModel::MassAssignmentSecurity::BlackList.new
-    @included_key = 'admin'
-    @black_list  += [ @included_key ]
-  end
-
-  test "deny? is true for included items" do
-    assert_equal true, @black_list.deny?(@included_key)
-  end
-
-  test "deny? is false for non-included items" do
-    assert_equal false, @black_list.deny?('first_name')
-  end
-
-
-end

data/test/mass_assignment_security/permission_set_test.rb

@@ -1,37 +0,0 @@
-require 'test_helper'
-require 'active_model/mass_assignment_security'
-
-class PermissionSetTest < ActiveModel::TestCase
-
-  def setup
-    @permission_list = ActiveModel::MassAssignmentSecurity::PermissionSet.new
-  end
-
-  test "+ stringifies added collection values" do
-    symbol_collection = [ :admin ]
-    new_list = @permission_list += symbol_collection
-
-    assert new_list.include?('admin'), "did not add collection to #{@permission_list.inspect}}"
-  end
-
-  test "+ compacts added collection values" do
-    added_collection = [ nil ]
-    new_list = @permission_list + added_collection
-    assert_equal new_list, @permission_list, "did not add collection to #{@permission_list.inspect}}"
-  end
-
-  test "include? normalizes multi-parameter keys" do
-    multi_param_key = 'admin(1)'
-    new_list = @permission_list += [ 'admin' ]
-
-    assert new_list.include?(multi_param_key), "#{multi_param_key} not found in #{@permission_list.inspect}"
-  end
-
-  test "include? normal keys" do
-    normal_key = 'admin'
-    new_list = @permission_list +=  [ normal_key ]
-
-    assert new_list.include?(normal_key), "#{normal_key} not found in #{@permission_list.inspect}"
-  end
-
-end

data/test/mass_assignment_security/sanitizer_test.rb

@@ -1,51 +0,0 @@
-require 'test_helper'
-require 'active_model/mass_assignment_security'
-require 'active_support/logger'
-
-class SanitizerTest < ActiveModel::TestCase
-  attr_accessor :logger
-
-  class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
-    def deny?(key)
-      ['admin', 'id'].include?(key)
-    end
-  end
-
-  def setup
-    @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new(self)
-    @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new(self)
-    @authorizer = Authorizer.new
-  end
-
-  test "sanitize attributes" do
-    original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
-    attributes = @logger_sanitizer.sanitize(self.class, original_attributes, @authorizer)
-
-    assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
-    assert !attributes.key?('admin'),     "Denied key should be rejected"
-  end
-
-  test "debug mass assignment removal with LoggerSanitizer" do
-    original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
-    log = StringIO.new
-    self.logger = ActiveSupport::Logger.new(log)
-    @logger_sanitizer.sanitize(self.class, original_attributes, @authorizer)
-    assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
-  end
-
-  test "debug mass assignment removal with StrictSanitizer" do
-    original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
-    assert_raise ActiveModel::MassAssignmentSecurity::Error do
-      @strict_sanitizer.sanitize(self.class, original_attributes, @authorizer)
-    end
-  end
-
-  test "mass assignment insensitive attributes" do
-    original_attributes = {'id' => 1, 'first_name' => 'allowed'}
-
-    assert_nothing_raised do
-      @strict_sanitizer.sanitize(self.class, original_attributes, @authorizer)
-    end
-  end
-
-end

data/test/mass_assignment_security/white_list_test.rb

@@ -1,20 +0,0 @@
-require 'test_helper'
-require 'active_model/mass_assignment_security'
-
-class WhiteListTest < ActiveModel::TestCase
-
-  def setup
-    @white_list   = ActiveModel::MassAssignmentSecurity::WhiteList.new
-    @included_key = 'first_name'
-    @white_list  += [ @included_key ]
-  end
-
-  test "deny? is false for included items" do
-    assert_equal false, @white_list.deny?(@included_key)
-  end
-
-  test "deny? is true for non-included items" do
-    assert_equal true, @white_list.deny?('admin')
-  end
-
-end

data/test/mass_assignment_security_test.rb

@@ -1,118 +0,0 @@
-require 'test_helper'
-require 'active_model/mass_assignment_security'
-require 'models/mass_assignment_specific'
-
-class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
-
-  def process_removed_attributes(klass, attrs)
-    raise StandardError
-  end
-
-end
-
-class MassAssignmentSecurityTest < ActiveModel::TestCase
-  def test_attribute_protection
-    user = User.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com" }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
-    assert_equal expected, sanitized
-  end
-
-  def test_attribute_protection_when_role_is_nil
-    user = User.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com" }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), nil)
-    assert_equal expected, sanitized
-  end
-
-  def test_only_moderator_role_attribute_accessible
-    user = SpecialUser.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com" }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), :moderator)
-    assert_equal expected, sanitized
-
-    sanitized = user.sanitize_for_mass_assignment({ "name" => "John Smith", "email" => "john@smith.com", "admin" => true })
-    assert_equal({}, sanitized)
-  end
-
-  def test_attributes_accessible
-    user = Person.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com" }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
-    assert_equal expected, sanitized
-  end
-
-  def test_attributes_accessible_with_admin_role
-    user = Person.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
-    assert_equal expected, sanitized
-  end
-
-  def test_attributes_accessible_with_roles_given_as_array
-    user = Account.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com" }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
-    assert_equal expected, sanitized
-  end
-
-  def test_attributes_accessible_with_admin_role_when_roles_given_as_array
-    user = Account.new
-    expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
-    sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
-    assert_equal expected, sanitized
-  end
-
-  def test_attributes_protected_by_default
-    firm = Firm.new
-    expected = { }
-    sanitized = firm.sanitize_for_mass_assignment({ "type" => "Client" })
-    assert_equal expected, sanitized
-  end
-
-  def test_mass_assignment_protection_inheritance
-    assert SpecialLoosePerson.accessible_attributes.blank?
-    assert_equal Set.new(['credit_rating', 'administrator']), SpecialLoosePerson.protected_attributes
-
-    assert SpecialLoosePerson.accessible_attributes.blank?
-    assert_equal Set.new(['credit_rating']), SpecialLoosePerson.protected_attributes(:admin)
-
-    assert LooseDescendant.accessible_attributes.blank?
-    assert_equal Set.new(['credit_rating', 'administrator', 'phone_number']), LooseDescendant.protected_attributes
-
-    assert LooseDescendantSecond.accessible_attributes.blank?
-    assert_equal Set.new(['credit_rating', 'administrator', 'phone_number', 'name']), LooseDescendantSecond.protected_attributes,
-      'Running attr_protected twice in one class should merge the protections'
-
-    assert((SpecialTightPerson.protected_attributes - SpecialTightPerson.attributes_protected_by_default).blank?)
-    assert_equal Set.new(['name', 'address']), SpecialTightPerson.accessible_attributes
-
-    assert((SpecialTightPerson.protected_attributes(:admin) - SpecialTightPerson.attributes_protected_by_default).blank?)
-    assert_equal Set.new(['name', 'address', 'admin']), SpecialTightPerson.accessible_attributes(:admin)
-
-    assert((TightDescendant.protected_attributes - TightDescendant.attributes_protected_by_default).blank?)
-    assert_equal Set.new(['name', 'address', 'phone_number']), TightDescendant.accessible_attributes
-
-    assert((TightDescendant.protected_attributes(:admin) - TightDescendant.attributes_protected_by_default).blank?)
-    assert_equal Set.new(['name', 'address', 'admin', 'super_powers']), TightDescendant.accessible_attributes(:admin)
-  end
-
-  def test_mass_assignment_multiparameter_protector
-    task = Task.new
-    attributes = { "starting(1i)" => "2004", "starting(2i)" => "6", "starting(3i)" => "24" }
-    sanitized = task.sanitize_for_mass_assignment(attributes)
-    assert_equal sanitized, { }
-  end
-
-  def test_custom_sanitizer
-    old_sanitizer = User._mass_assignment_sanitizer
-
-    user = User.new
-    User.mass_assignment_sanitizer = CustomSanitizer.new
-    assert_raise StandardError do
-      user.sanitize_for_mass_assignment("admin" => true)
-    end
-  ensure
-    User.mass_assignment_sanitizer = old_sanitizer
-  end
-end

data/test/models/battle.rb

@@ -1,5 +0,0 @@
-class Battle < ActiveRecord::Base
-  attr_accessible []
-  belongs_to :team
-  belongs_to :battle, :polymorphic => true
-end

data/test/models/company.rb

@@ -1,17 +0,0 @@
-class AbstractCompany < ActiveRecord::Base
-  self.abstract_class = true
-end
-
-class Company < AbstractCompany
-  attr_protected :rating
-end
-
-class Firm < Company
-end
-
-class Corporation < Company
-  attr_accessible :type, :name, :description
-end
-
-class SpecialCorporation < Corporation
-end

data/test/models/group.rb

@@ -1,6 +0,0 @@
-class Group < ActiveRecord::Base
-  self.mass_assignment_sanitizer = :strict
-
-  has_many :memberships, :dependent => :destroy
-  has_many :members, :through => :memberships, :source => :pirate
-end

data/test/models/keyboard.rb

@@ -1,3 +0,0 @@
-class Keyboard < ActiveRecord::Base
-  self.primary_key = 'key_number'
-end

data/test/models/mass_assignment_specific.rb

@@ -1,76 +0,0 @@
-class User
-  include ActiveModel::MassAssignmentSecurity
-  attr_protected :admin
-
-  public :sanitize_for_mass_assignment
-end
-
-class SpecialUser
-  include ActiveModel::MassAssignmentSecurity
-  attr_accessible :name, :email, :as => :moderator
-
-  public :sanitize_for_mass_assignment
-end
-
-class Person
-  include ActiveModel::MassAssignmentSecurity
-  attr_accessible :name, :email
-  attr_accessible :name, :email, :admin, :as => :admin
-
-  public :sanitize_for_mass_assignment
-end
-
-class Account
-  include ActiveModel::MassAssignmentSecurity
-  attr_accessible :name, :email, :as => [:default, :admin]
-  attr_accessible :admin, :as => :admin
-
-  public :sanitize_for_mass_assignment
-end
-
-class Firm
-  include ActiveModel::MassAssignmentSecurity
-
-  public :sanitize_for_mass_assignment
-
-  def self.attributes_protected_by_default
-    ["type"]
-  end
-end
-
-class Task
-  include ActiveModel::MassAssignmentSecurity
-  attr_protected :starting
-
-  public :sanitize_for_mass_assignment
-end
-
-class SpecialLoosePerson
-  include ActiveModel::MassAssignmentSecurity
-  attr_protected :credit_rating, :administrator
-  attr_protected :credit_rating, :as => :admin
-end
-
-class LooseDescendant < SpecialLoosePerson
-  attr_protected :phone_number
-end
-
-class LooseDescendantSecond< SpecialLoosePerson
-  attr_protected :phone_number
-  attr_protected :name
-end
-
-class SpecialTightPerson
-  include ActiveModel::MassAssignmentSecurity
-  attr_accessible :name, :address
-  attr_accessible :name, :address, :admin, :as => :admin
-
-  def self.attributes_protected_by_default
-    ["mobile_number"]
-  end
-end
-
-class TightDescendant < SpecialTightPerson
-  attr_accessible :phone_number
-  attr_accessible :super_powers, :as => :admin
-end

data/test/models/membership.rb

@@ -1,8 +0,0 @@
-class Membership < ActiveRecord::Base
-  self.mass_assignment_sanitizer = :strict
-
-  belongs_to :group
-  belongs_to :pirate
-
-  attr_accessible []
-end

data/test/models/person.rb

@@ -1,46 +0,0 @@
-class LoosePerson < ActiveRecord::Base
-  self.table_name = 'people'
-
-  attr_protected :comments, :best_friend_id, :best_friend_of_id
-  attr_protected :as => :admin
-
-  has_one    :best_friend,    :class_name => 'LoosePerson', :foreign_key => :best_friend_id
-  belongs_to :best_friend_of, :class_name => 'LoosePerson', :foreign_key => :best_friend_of_id
-  has_many   :best_friends,   :class_name => 'LoosePerson', :foreign_key => :best_friend_id
-
-  accepts_nested_attributes_for :best_friend, :best_friend_of, :best_friends
-end
-
-class TightPerson < ActiveRecord::Base
-  self.table_name = 'people'
-
-  attr_accessible :first_name, :gender
-  attr_accessible :first_name, :gender, :comments, :as => :admin
-  attr_accessible :best_friend_attributes, :best_friend_of_attributes, :best_friends_attributes
-  attr_accessible :best_friend_attributes, :best_friend_of_attributes, :best_friends_attributes, :as => :admin
-
-  has_one    :best_friend,    :class_name => 'TightPerson', :foreign_key => :best_friend_id
-  belongs_to :best_friend_of, :class_name => 'TightPerson', :foreign_key => :best_friend_of_id
-  has_many   :best_friends,   :class_name => 'TightPerson', :foreign_key => :best_friend_id
-
-  accepts_nested_attributes_for :best_friend, :best_friend_of, :best_friends
-end
-
-class NestedPerson < ActiveRecord::Base
-  self.table_name = 'people'
-
-  attr_accessible :first_name, :best_friend_first_name, :best_friend_attributes
-  attr_accessible :first_name, :gender, :comments, :as => :admin
-  attr_accessible :best_friend_attributes, :best_friend_first_name, :as => :admin
-
-  has_one :best_friend, :class_name => 'NestedPerson', :foreign_key => :best_friend_id
-  accepts_nested_attributes_for :best_friend, :update_only => true, :reject_if => :all_blank
-
-  def comments=(new_comments)
-    raise RuntimeError
-  end
-
-  def best_friend_first_name=(new_name)
-    assign_attributes({ :best_friend_attributes => { :first_name => new_name } })
-  end
-end

data/test/models/pirate.rb

@@ -1,5 +0,0 @@
-class Pirate < ActiveRecord::Base
-  self.mass_assignment_sanitizer = :strict
-  attr_accessible :name
-  has_many :memberships
-end

data/test/models/subscriber.rb

@@ -1,5 +0,0 @@
-class Subscriber < ActiveRecord::Base
-  self.primary_key = 'nick'
-  has_many :subscriptions
-  has_many :books, :through => :subscriptions
-end

data/test/models/task.rb

@@ -1,5 +0,0 @@
-class Task < ActiveRecord::Base
-  def updated_at
-    ending
-  end
-end

data/test/models/team.rb

@@ -1,5 +0,0 @@
-class Team < ActiveRecord::Base
-  has_many :battles
-  has_many :wolf_battles, :through => :battles, :class_name => 'Wolf', :source => :battle, :source_type => 'Wolf'
-  has_many :vampire_battles, :through => :battles, :class_name => 'Vampire', :source => :battle, :source_type => 'Vampire'
-end