mirror of
https://github.com/discourse/discourse.git
synced 2025-04-29 08:44:36 +08:00
0d01c33482
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that. The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method. It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
44 lines
933 B
Ruby
44 lines
933 B
Ruby
require 'spec_helper'
|
|
|
|
describe Admin::SiteSettingsController do
|
|
|
|
it "is a subclass of AdminController" do
|
|
(Admin::SiteSettingsController < Admin::AdminController).should be_true
|
|
end
|
|
|
|
context 'while logged in as an admin' do
|
|
before do
|
|
@user = log_in(:admin)
|
|
end
|
|
|
|
context 'index' do
|
|
it 'returns success' do
|
|
xhr :get, :index
|
|
response.should be_success
|
|
end
|
|
|
|
it 'returns JSON' do
|
|
xhr :get, :index
|
|
::JSON.parse(response.body).should be_present
|
|
end
|
|
end
|
|
|
|
context 'update' do
|
|
|
|
it 'requires a value parameter' do
|
|
lambda { xhr :put, :update, id: 'test_setting' }.should raise_error(ActionController::ParameterMissing)
|
|
end
|
|
|
|
it 'sets the value when the param is present' do
|
|
SiteSetting.expects(:'test_setting=').with('hello').once
|
|
xhr :put, :update, id: 'test_setting', value: 'hello'
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|