From 0ed741370350ee98d4a0c9d37280429cbd15f942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tapaj=C3=B3s?= Date: Sat, 31 Oct 2009 10:40:32 -0200 Subject: [PATCH] Adding tests to commit b5d09afef5e8614f25da8ee79a5abd55e0237b2b --- spec/couchrest/more/property_spec.rb | 26 ++++++++++++++++++++++++++ spec/fixtures/more/cat.rb | 7 ++++--- spec/fixtures/more/user.rb | 22 ++++++++++++++++++++++ 3 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 spec/fixtures/more/user.rb diff --git a/spec/couchrest/more/property_spec.rb b/spec/couchrest/more/property_spec.rb index 8df2867..0e25916 100644 --- a/spec/couchrest/more/property_spec.rb +++ b/spec/couchrest/more/property_spec.rb @@ -1,3 +1,4 @@ +# encoding: utf-8 require File.expand_path('../../../spec_helper', __FILE__) require File.join(FIXTURE_PATH, 'more', 'person') require File.join(FIXTURE_PATH, 'more', 'card') @@ -5,6 +6,7 @@ require File.join(FIXTURE_PATH, 'more', 'invoice') require File.join(FIXTURE_PATH, 'more', 'service') require File.join(FIXTURE_PATH, 'more', 'event') require File.join(FIXTURE_PATH, 'more', 'cat') +require File.join(FIXTURE_PATH, 'more', 'user') describe "ExtendedDocument properties" do @@ -55,6 +57,30 @@ describe "ExtendedDocument properties" do @card.updated_at.should_not be_nil end + + describe "mass assignment protection" do + + it "should not store protected attribute using mass assignment" do + cat_toy = CatToy.new(:name => "Zorro") + cat = Cat.create(:name => "Helena", :toys => [cat_toy], :favorite_toy => cat_toy, :number => 1) + cat.number.should be_nil + cat.number = 1 + cat.save + cat.number.should == 1 + end + + it "should not store protected attribute when 'declare accessible poperties, assume all the rest are protected'" do + user = User.create(:name => "Marcos Tapajós", :admin => true) + user.admin.should be_nil + end + + it "should not store protected attribute when 'declare protected properties, assume all the rest are accessible'" do + user = SpecialUser.create(:name => "Marcos Tapajós", :admin => true) + user.admin.should be_nil + end + + end + describe "validation" do before(:each) do @invoice = Invoice.new(:client_name => "matt", :employee_name => "Chris", :location => "San Diego, CA") diff --git a/spec/fixtures/more/cat.rb b/spec/fixtures/more/cat.rb index 2e40f85..68fcb43 100644 --- a/spec/fixtures/more/cat.rb +++ b/spec/fixtures/more/cat.rb @@ -4,9 +4,10 @@ class Cat < CouchRest::ExtendedDocument # Set the default database to use use_database DB - property :name - property :toys, :cast_as => ['CatToy'], :default => [] - property :favorite_toy, :cast_as => 'CatToy' + property :name, :accessible => true + property :toys, :cast_as => ['CatToy'], :default => [], :accessible => true + property :favorite_toy, :cast_as => 'CatToy', :accessible => true + property :number end class CatToy < Hash diff --git a/spec/fixtures/more/user.rb b/spec/fixtures/more/user.rb new file mode 100644 index 0000000..f9bbf97 --- /dev/null +++ b/spec/fixtures/more/user.rb @@ -0,0 +1,22 @@ +class User < CouchRest::ExtendedDocument + # Set the default database to use + use_database DB + property :name, :accessible => true + property :admin # this will be automatically protected +end + +class SpecialUser < CouchRest::ExtendedDocument + # Set the default database to use + use_database DB + property :name # this will not be protected + property :admin, :protected => true +end + +# There are two modes of protection +# 1) Declare accessible poperties, assume all the rest are protected +# property :name, :accessible => true +# property :admin # this will be automatically protected +# +# 2) Declare protected properties, assume all the rest are accessible +# property :name # this will not be protected +# property :admin, :protected => true