[rspec-users] Testing attr_accessible (and/or attr_protected)

Evgeniy Dolzhenko dolzenko at gmail.com
Tue Nov 2 03:13:47 EDT 2010

update_attributes [1] doesn't raise any exception when you try to
assign the attribute which is protected with
`attr_accessible/attr_protected` machinery (only warning in log is

So your options are:
1. perform update_attributes for an attribute and then assert that the
attribute didn't change
2. go a bit "meta" and implement something like Shoulda
allow_mass_assignment_of matcher [2]

[1] http://api.rubyonrails.org/classes/ActiveRecord/Base.html#method-i-attributes%3D
[2] http://github.com/thoughtbot/shoulda/blob/master/lib/shoulda/active_record/matchers/allow_mass_assignment_of_matcher.rb

On Tue, Nov 2, 2010 at 3:36 AM, Iain E. Davis
<iain at somethingelectronic.com> wrote:
> I've been puzzling over how to test that attr_accessible has been set
> for the correct columns; but the tests I've come up with so far seem
> to fail to fail when I expect. I came across this old message from
> this list:
> http://www.mail-archive.com/rspec-users@rubyforge.org/msg01570.html
> Which seemed like a plausible example, but my attempt (modeled on the
> example) doesn't work:
> describe Article, 'protected attributes' do
>     it 'should deny mass-assignment to the user_id' do
>       lambda { article.update_attributes(:person_id =>  @person.id)
> }.should raise_error
>     end
> end
> The lambda doesn't raise an error, even though the attr_accessible
> doesn't include person_id.
> Where am I stumbling here? Is it my beginner's knowledge of rails, or
> beginner's knowledge of Ruby?
> Thanks,
> Iain
> _______________________________________________
> rspec-users mailing list
> rspec-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users

More information about the rspec-users mailing list