couchrest_model/spec/couchrest/more/attribute_protection_spec.rb
Will Leinweber b5d09afef5 Adds attribute protection to properties
Public Facing
   * through either :protected or :accessible8 flags
   * prevents protected attributes from being set in mass assignment
 Developer Facing
   * refactors #initialize and #update_attribute_without_saving
       to use same private methods to set attributes on ExtendedDocument
   * adds new mixin to do protection

Signed-off-by: Tapajós <tapajos@gmail.com>
2009-10-31 09:56:58 -02:00

95 lines
2.7 KiB
Ruby

require File.expand_path("../../../spec_helper", __FILE__)
describe "ExtendedDocument", "no declarations" do
class NoProtection < CouchRest::ExtendedDocument
use_database TEST_SERVER.default_database
property :name
property :phone
end
it "should not protect anything through new" do
user = NoProtection.new(:name => "will", :phone => "555-5555")
user.name.should == "will"
user.phone.should == "555-5555"
end
it "should not protect anything through attributes=" do
user = NoProtection.new
user.attributes = {:name => "will", :phone => "555-5555"}
user.name.should == "will"
user.phone.should == "555-5555"
end
end
describe "ExtendedDocument", "accessible flag" do
class WithAccessible < CouchRest::ExtendedDocument
use_database TEST_SERVER.default_database
property :name, :accessible => true
property :admin, :default => false
end
it "should recognize accessible properties" do
props = WithAccessible.accessible_properties.map { |prop| prop.name}
props.should include("name")
props.should_not include("admin")
end
it "should protect non-accessible properties set through new" do
user = WithAccessible.new(:name => "will", :admin => true)
user.name.should == "will"
user.admin.should == false
end
it "should protect non-accessible properties set through attributes=" do
user = WithAccessible.new
user.attributes = {:name => "will", :admin => true}
user.name.should == "will"
user.admin.should == false
end
end
describe "ExtendedDocument", "protected flag" do
class WithProtected < CouchRest::ExtendedDocument
use_database TEST_SERVER.default_database
property :name
property :admin, :default => false, :protected => true
end
it "should recognize protected properties" do
props = WithProtected.protected_properties.map { |prop| prop.name}
props.should_not include("name")
props.should include("admin")
end
it "should protect non-accessible properties set through new" do
user = WithProtected.new(:name => "will", :admin => true)
user.name.should == "will"
user.admin.should == false
end
it "should protect non-accessible properties set through attributes=" do
user = WithProtected.new
user.attributes = {:name => "will", :admin => true}
user.name.should == "will"
user.admin.should == false
end
end
describe "ExtendedDocument", "protected flag" do
class WithBoth < CouchRest::ExtendedDocument
use_database TEST_SERVER.default_database
property :name, :accessible => true
property :admin, :default => false, :protected => true
end
it "should raise an error when both are set" do
lambda { WithBoth.new }.should raise_error
end
end