[PATCH] make should_protect_attributes work with attr_accessible
Reported by Luke Francl | March 10th, 2008 @ 12:38 AM
We've been using attr_accessible (attr_protected's more paranoid brother).
If I have a model like:
class User < ActiveRecord::Base
attr_accessible :name
end
I expect
should_protect_attributes :password
to pass (because all attributes not accessible are protected from mass assignment).
With a quick change to should_protect_attributes, this works.
Comments and changes to this ticket
-
Luke Francl March 10th, 2008 @ 12:38 AM
- → Title changed from “[PATCH] make should_protect_attributes with attr_accessible” to “[PATCH] make should_protect_attributes work with attr_accessible”
-
Tammer Saleh March 10th, 2008 @ 10:20 AM
- → State changed from “new” to “open”
Luke,
Could I get you to submit a patch that includes tests? Let me know if you need help with understanding the testing setup.
Thanks,
Tammer
-
Luke Francl March 10th, 2008 @ 10:55 AM
Sure. How does the testing setup work? Since attr_accessible and attr_protected are not compatible, I may need to add a new model to the test Rails app.
-
Mike Boone May 11th, 2008 @ 07:53 PM
I applied Luke's patch to my shoulda GitHub fork. I also added attr_accessible :name to the tag model. Then I added should_protect_attributes :secret to the unit test. The tests pass.
-
Tammer Saleh May 20th, 2008 @ 12:40 AM
- → State changed from “open” to “resolved”
Mike and Luke - great work there. Merged it into trunk.
-
Luke Francl May 20th, 2008 @ 11:34 AM
Great! Thanks for finishing this up, Mike.
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
