deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

set activerecord whitelist_attributes to true

Browse source
This commit is contained in:
Nihad Abbasov 2012-09-26 11:17:17 -07:00
parent 4629cc44d6
commit 83efcabc82
28 changed files with 100 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

5
spec/models/issue_spec.rb
View file

@ -5,6 +5,11 @@ describe Issue do
it { should belong_to(:milestone) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author_id) }
it { should_not allow_mass_assignment_of(:project_id) }
end
describe "Validation" do
it { should ensure_length_of(:description).is_within(0..2000) }
it { should ensure_inclusion_of(:closed).in_array([true, false]) }

5
spec/models/key_spec.rb
View file

@ -6,6 +6,11 @@ describe Key do
it { should belong_to(:project) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
it { should_not allow_mass_assignment_of(:user_id) }
end
describe "Validation" do
it { should validate_presence_of(:title) }
it { should validate_presence_of(:key) }

5
spec/models/merge_request_spec.rb
View file

@ -6,6 +6,11 @@ describe MergeRequest do
it { should validate_presence_of(:source_branch) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author_id) }
it { should_not allow_mass_assignment_of(:project_id) }
end
describe 'modules' do
it { should include_module(IssueCommonality) }
it { should include_module(Votes) }

4
spec/models/milestone_spec.rb
View file

@ -6,6 +6,10 @@ describe Milestone do
it { should have_many(:issues) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end
describe "Validation" do
it { should validate_presence_of(:title) }
it { should validate_presence_of(:project_id) }

5
spec/models/note_spec.rb
View file

@ -7,6 +7,11 @@ describe Note do
it { should belong_to(:author).class_name('User') }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author) }
it { should_not allow_mass_assignment_of(:author_id) }
end
describe "Validation" do
it { should validate_presence_of(:note) }
it { should validate_presence_of(:project) }

5
spec/models/project_spec.rb
View file

@ -17,6 +17,11 @@ describe Project do
it { should have_many(:protected_branches).dependent(:destroy) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:owner_id) }
it { should_not allow_mass_assignment_of(:private_flag) }
end
describe "Validation" do
let!(:project) { create(:project) }

4
spec/models/protected_branch_spec.rb
View file

@ -5,6 +5,10 @@ describe ProtectedBranch do
it { should belong_to(:project) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end
describe 'Validation' do
it { should validate_presence_of(:project_id) }
it { should validate_presence_of(:name) }

5
spec/models/snippet_spec.rb
View file

@ -7,6 +7,11 @@ describe Snippet do
it { should have_many(:notes).dependent(:destroy) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:author_id) }
it { should_not allow_mass_assignment_of(:project_id) }
end
describe "Validation" do
it { should validate_presence_of(:author_id) }
it { should validate_presence_of(:project_id) }

31
spec/models/user_spec.rb
View file

@ -15,6 +15,11 @@ describe User do
it { should have_many(:assigned_merge_requests).dependent(:destroy) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:projects_limit) }
it { should allow_mass_assignment_of(:projects_limit).as(:admin) }
end
describe 'validations' do
it { should validate_presence_of(:projects_limit) }
it { should validate_numericality_of(:projects_limit) }
@ -73,30 +78,4 @@ describe User do
user.authentication_token.should_not be_blank
end
end
describe "attributes can be changed by a regular user" do
before do
@user = Factory :user
@user.update_attributes(skype: "testskype", linkedin: "testlinkedin")
end
it { @user.skype.should == 'testskype' }
it { @user.linkedin.should == 'testlinkedin' }
end
describe "attributes that shouldn't be changed by a regular user" do
before do
@user = Factory :user
@user.update_attributes(projects_limit: 50)
end
it { @user.projects_limit.should_not == 50 }
end
describe "attributes can be changed by an admin user" do
before do
@admin_user = Factory :admin
@admin_user.update_attributes({ skype: "testskype", projects_limit: 50 }, as: :admin)
end
it { @admin_user.skype.should == 'testskype' }
it { @admin_user.projects_limit.should == 50 }
end
end

4
spec/models/users_project_spec.rb
View file

@ -6,6 +6,10 @@ describe UsersProject do
it { should belong_to(:user) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end
describe "Validation" do
let!(:users_project) { create(:users_project) }

4
spec/models/web_hook_spec.rb
View file

@ -5,6 +5,10 @@ describe ProjectHook do
it { should belong_to :project }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
end
describe "Validations" do
it { should validate_presence_of(:url) }

5
spec/models/wiki_spec.rb
View file

@ -7,6 +7,11 @@ describe Wiki do
it { should have_many(:notes).dependent(:destroy) }
end
describe "Mass assignment" do
it { should_not allow_mass_assignment_of(:project_id) }
it { should_not allow_mass_assignment_of(:user_id) }
end
describe "Validation" do
it { should validate_presence_of(:title) }
it { should ensure_length_of(:title).is_within(1..250) }