attr_protected and _accessible use sets of strings instead of arrays of symbols internally. Closes #10300.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8231 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
parent
a33007d31a
commit
3a3e7efee9
@ -628,7 +628,7 @@ def decrement_counter(counter_name, id)
|
||||
#
|
||||
# To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.
|
||||
def attr_protected(*attributes)
|
||||
write_inheritable_array("attr_protected", attributes - (protected_attributes || []))
|
||||
write_inheritable_attribute("attr_protected", Set.new(attributes.map(&:to_s)) + (protected_attributes || []))
|
||||
end
|
||||
|
||||
# Returns an array of all the attributes that have been protected from mass-assignment.
|
||||
@ -662,7 +662,7 @@ def protected_attributes # :nodoc:
|
||||
# customer.credit_rating = "Average"
|
||||
# customer.credit_rating # => "Average"
|
||||
def attr_accessible(*attributes)
|
||||
write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))
|
||||
write_inheritable_attribute("attr_accessible", Set.new(attributes.map(&:to_s)) + (accessible_attributes || []))
|
||||
end
|
||||
|
||||
# Returns an array of all the attributes that have been made accessible to mass-assignment.
|
||||
@ -2084,9 +2084,9 @@ def remove_attributes_protected_from_mass_assignment(attributes)
|
||||
if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
|
||||
attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
|
||||
elsif self.class.protected_attributes.nil?
|
||||
attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
|
||||
attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
|
||||
elsif self.class.accessible_attributes.nil?
|
||||
attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
|
||||
attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
|
||||
else
|
||||
raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both."
|
||||
end
|
||||
|
@ -40,6 +40,11 @@ class LooseDescendant < LoosePerson
|
||||
attr_protected :phone_number
|
||||
end
|
||||
|
||||
class LooseDescendantSecond< LoosePerson
|
||||
attr_protected :phone_number
|
||||
attr_protected :name
|
||||
end
|
||||
|
||||
class TightPerson < ActiveRecord::Base
|
||||
self.table_name = 'people'
|
||||
attr_accessible :name, :address
|
||||
@ -843,16 +848,19 @@ def test_mass_assignment_accessible
|
||||
|
||||
def test_mass_assignment_protection_inheritance
|
||||
assert_nil LoosePerson.accessible_attributes
|
||||
assert_equal [ :credit_rating, :administrator ], LoosePerson.protected_attributes
|
||||
assert_equal Set.new([ 'credit_rating', 'administrator' ]), LoosePerson.protected_attributes
|
||||
|
||||
assert_nil LooseDescendant.accessible_attributes
|
||||
assert_equal [ :credit_rating, :administrator, :phone_number ], LooseDescendant.protected_attributes
|
||||
assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number' ]), LooseDescendant.protected_attributes
|
||||
|
||||
assert_nil LooseDescendantSecond.accessible_attributes
|
||||
assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number', 'name' ]), LooseDescendantSecond.protected_attributes, 'Running attr_protected twice in one class should merge the protections'
|
||||
|
||||
assert_nil TightPerson.protected_attributes
|
||||
assert_equal [ :name, :address ], TightPerson.accessible_attributes
|
||||
assert_equal Set.new([ 'name', 'address' ]), TightPerson.accessible_attributes
|
||||
|
||||
assert_nil TightDescendant.protected_attributes
|
||||
assert_equal [ :name, :address, :phone_number ], TightDescendant.accessible_attributes
|
||||
assert_equal Set.new([ 'name', 'address', 'phone_number' ]), TightDescendant.accessible_attributes
|
||||
end
|
||||
|
||||
def test_readonly_attributes
|
||||
|
Loading…
Reference in New Issue
Block a user