From 5145717a3c15a7f8d8687cb23ec86ebdab700a4f Mon Sep 17 00:00:00 2001 From: Thibault Jouan Date: Sat, 7 Jan 2012 18:26:38 +0000 Subject: [PATCH] Specify models attributes that must not be mass assignated --- app/models/playlist.rb | 2 ++ spec/models/playlist_spec.rb | 1 + spec/models/track_spec.rb | 1 + spec/models/user_spec.rb | 1 + 4 files changed, 5 insertions(+) diff --git a/app/models/playlist.rb b/app/models/playlist.rb index 404af23..3f61b5d 100644 --- a/app/models/playlist.rb +++ b/app/models/playlist.rb @@ -1,6 +1,8 @@ class Playlist < ActiveRecord::Base belongs_to :user + attr_accessible :name + validates_presence_of :user validates_presence_of :name end diff --git a/spec/models/playlist_spec.rb b/spec/models/playlist_spec.rb index 81987d6..1c1bb07 100644 --- a/spec/models/playlist_spec.rb +++ b/spec/models/playlist_spec.rb @@ -8,4 +8,5 @@ describe Playlist do it { should belong_to :user } it { should validate_presence_of :user } it { should validate_presence_of :name } + it { should_not allow_mass_assignment_of :user } end diff --git a/spec/models/track_spec.rb b/spec/models/track_spec.rb index 6c3715d..0a90b98 100644 --- a/spec/models/track_spec.rb +++ b/spec/models/track_spec.rb @@ -8,6 +8,7 @@ describe Track do it { should be_valid } it { should have_many :sounds } it { should validate_presence_of :name } + it { should_not allow_mass_assignment_of :sounds } context 'with a file' do before do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 9d04df0..b092228 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -9,6 +9,7 @@ describe User do it { should validate_presence_of :email } it { should validate_presence_of :password } it { should validate_presence_of :password_hash } + it { should_not allow_mass_assignment_of :password_hash } context 'when a user with the same email address already exists' do let(:old_user) { Factory.create(:user, :email => 'unique@example.net') }