should_protect_attributes should respect attr_accessible
Reported by Seth Ladd | May 18th, 2008 @ 04:02 AM
I see that you have should_protect_attributes, which works for attr_protected. However, there's also attr_accessible.
Would be nice if should_protect_attributes would respect attr_accessible.
Thanks!
Comments and changes to this ticket
-
Seth Ladd May 18th, 2008 @ 04:07 AM
Actually, looking at this method, looks like it breaks encapsulation pretty bad:
attributes.each do |attribute|
attribute = attribute.to_sym
should "protect #{attribute} from mass updates" do
protected_attributes = klass.protected_attributes || []
assert protected_attributes.include?(attribute.to_s),
"#{klass} is protecting #{protected_attributes.to_a.to_sentence}, but not #{attribute}."
end
end
referencing protected_attributes directly seems dangerous. It would be better to try to set the attribute through the mass update facility to see if you generate an error. That way you don't break encapsulation and it'll work if you setup attr_accessible.
-
Tammer Saleh May 20th, 2008 @ 01:52 PM
- → State changed from “new” to “resolved”
This was fixed by another patch.
The test does inspect the protected attributes as set by activerecord. The original version tried to black-box test it by setting the attribute to a specific value, but there were a bunch of issues with validations and with dealing with different data types.
This new method is much cleaner, and is arguably more correct - since what we're really trying to test is that the programmer used AR's protection system correctly.
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
