Turn on mass assignment protection

Require any attribute that is going to be mass assigned to be whitelisted, and whitelist those attributes which need it
2012-03-05 16:31:11 +00:00 · 2012-03-05 16:31:11 +00:00 · 1340fca8f1
commit 1340fca8f1
parent 7d8cf94680
19 changed files with 74 additions and 35 deletions
--- a/test/integration/user_blocks_test.rb
+++ b/test/integration/user_blocks_test.rb
@ -17,10 +17,12 @@ class UserBlocksTest < ActionController::IntegrationTest
    assert_response :success

    # now block the user
-    UserBlock.create(:user_id => blocked_user.id,
-                     :creator_id => users(:moderator_user).id,
-                     :reason => "testing",
-                     :ends_at => Time.now.getutc + 5.minutes)
+    UserBlock.create({
+      :user_id => blocked_user.id,
+      :creator_id => users(:moderator_user).id,
+      :reason => "testing",
+      :ends_at => Time.now.getutc + 5.minutes
+    }, :without_protection => true)
    get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
    assert_response :forbidden
  end
@ -29,10 +31,12 @@ class UserBlocksTest < ActionController::IntegrationTest
    blocked_user = users(:public_user)
    moderator = users(:moderator_user)

-    block = UserBlock.create(:user_id => blocked_user.id,
-                             :creator_id => moderator.id,
-                             :reason => "testing",
-                             :ends_at => Time.now.getutc + 5.minutes)
+    block = UserBlock.create({
+      :user_id => blocked_user.id,
+      :creator_id => moderator.id,
+      :reason => "testing",
+      :ends_at => Time.now.getutc + 5.minutes
+    }, :without_protection => true)
    get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
    assert_response :forbidden