Merge pull request medihack#9 from acmetech/master

Specified a white list of attributes that can be set via mass-assignment.
madAle · Mar 22, 2012 · ead528b · ead528b
2 parents 1b16851 + 1bb7800
commit ead528b
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 0 deletions.
diff --git a/lib/make_flaggable/flagging.rb b/lib/make_flaggable/flagging.rb
@@ -1,5 +1,6 @@
 module MakeFlaggable
   class Flagging < ActiveRecord::Base
+    attr_accessible :flaggable, :flagger, :flag
     belongs_to :flaggable, :polymorphic => true
     belongs_to :flagger, :polymorphic => true
     scope :with_flag, lambda { |flag| where(:flag => flag.to_s) }

diff --git a/spec/models.rb b/spec/models.rb
@@ -1,3 +1,7 @@
+class Flagging < ActiveRecord::Base
+  attr_accessible :flaggable, :flagger, :flag
+end
+
 class FlaggableModel < ActiveRecord::Base
   make_flaggable :favorite, :inappropriate
 end

diff --git a/spec/models/flagging_spec.rb b/spec/models/flagging_spec.rb
@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe Flagging do
+  describe "attributes should be white listed" do
+    it { should allow_mass_assignment_of(:flaggable) }
+    it { should allow_mass_assignment_of(:flagger) }
+    it { should allow_mass_assignment_of(:flag) }
+  end
+end
+
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -4,6 +4,7 @@
 require 'rspec'
 require 'active_record'
 require 'database_cleaner'
+require 'support/be_accessible_matcher'
 
 $LOAD_PATH.unshift(File.dirname(__FILE__) + '/../lib')
 require 'make_flaggable'

diff --git a/spec/support/be_accessible_matcher.rb b/spec/support/be_accessible_matcher.rb
@@ -0,0 +1,8 @@
+RSpec::Matchers.define :allow_mass_assignment_of do |attribute|
+  match do |response|
+    response.class.accessible_attributes.include?(attribute)
+  end
+  description { "be accessible :#{attribute}" }
+  failure_message_for_should { ":#{attribute} should be accessible" }
+  failure_message_for_should_not { ":#{attribute} should not be accessible" }
+end