Last active
February 28, 2017 23:51
-
-
Save astorije/0b744e25450087506a4e18d7a356a7f1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── | |
| modified: spec/cancan/controller_resource_spec.rb | |
| ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── | |
| @ controller_resource_spec.rb:4 @ | |
| require 'spec_helper' | |
| +require 'action_controller' | |
| describe CanCan::ControllerResource do | |
| let(:ability) { Ability.new(nil) } | |
| - let(:params) { HashWithIndifferentAccess.new(controller: 'models') } | |
| + let(:params) { ActionController::Parameters.new(controller: 'models') } | |
| let(:controller_class) { Class.new } | |
| let(:controller) { controller_class.new } | |
| before(:each) do | |
| - class Model | |
| - attr_accessor :name | |
| - | |
| - def initialize(attributes = {}) | |
| - attributes.each do |attribute, value| | |
| - send("#{attribute}=", value) | |
| - end | |
| + ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:') | |
| + ActiveRecord::Migration.verbose = false | |
| + ActiveRecord::Schema.define do | |
| + create_table(:models) do |t| | |
| + t.timestamps null: false | |
| + t.string :name | |
| end | |
| end | |
| + class Model < ActiveRecord::Base | |
| + attr_accessor :name | |
| + end | |
| + | |
| allow(controller).to receive(:params) { params } | |
| allow(controller).to receive(:current_ability) { ability } | |
| allow(controller_class).to receive(:cancan_skipper) { { authorize: {}, load: {} } } | |
| @ controller_resource_spec.rb:558 @ describe CanCan::ControllerResource do | |
| end.to_not raise_error | |
| end | |
| + it "doesn't sanitize parameters when no sanitizers are found" do | |
| + params.merge!(action: 'create', model: { name: 'test' }) | |
| + | |
| + resource = CanCan::ControllerResource.new(controller) | |
| + resource.load_resource | |
| + expect(controller.instance_variable_get(:@model).name).to eq 'test' | |
| + end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class ThingsController < ActionController::Base | |
| skip_load_and_authorize_resource only: :create | |
| def create | |
| @thing = Thing.new | |
| @thing.foo = @params[:things][:foo] | |
| @thing.bar = @params[:things][:bar] | |
| @thing.save! | |
| redirect_to @thing | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment