diff --git a/CHANGELOG.md b/CHANGELOG.md
index ca4ddf1..f548f10 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 * Add Rails 5.2 support
 * Fix bug related to incorrect usage of options on the AR#new method
 * Use scope_for_create instead of create_scope in Rails 5.2+
+* Fix bug related to protection of `inheritance_column` attribute
 ## 1.3.0
diff --git a/lib/active_record/mass_assignment_security/inheritance.rb b/lib/active_record/mass_assignment_security/inheritance.rb
index 5bf0415..c431ad6 100644
--- a/lib/active_record/mass_assignment_security/inheritance.rb
+++ b/lib/active_record/mass_assignment_security/inheritance.rb
@@ -9,14 +9,7 @@ module ClassMethods
 # Detect the subclass from the inheritance column of attrs. If the inheritance column value
 # is not self or a valid subclass, raises ActiveRecord::SubclassNotFound
- # If this is a StrongParameters hash, and access to inheritance_column is not permitted,
- # this will ignore the inheritance column and return nil
- def subclass_from_attributes?(attrs)
- active_authorizer[:default].deny?(inheritance_column) ? nil : super
- end
-
- # Support Active Record <= 4.0.3, which uses the old method signature.
- def subclass_from_attrs(attrs)
+ def subclass_from_attributes(attrs)
 active_authorizer[:default].deny?(inheritance_column) ? nil : super
 end
 end
diff --git a/test/attribute_sanitization_test.rb b/test/attribute_sanitization_test.rb
index 5573bd4..fb46730 100644
--- a/test/attribute_sanitization_test.rb
+++ b/test/attribute_sanitization_test.rb
@@ -270,9 +270,7 @@ def test_protection_against_class_attribute_writers
 def test_new_with_protected_inheritance_column
 firm = Company.new(type: "Firm")
- ### TEST IS FAILING, SO I MADE IT PASS
- #assert_equal Company, firm.class #original line
- assert_equal Firm, firm.class
+ assert_equal Company, firm.class
 end
 def test_new_with_accessible_inheritance_column
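Review bot: The comment left above `subclass_from_attributes` no longer says that the method returns nil when `inheritance_column` is denied, because the two deleted comment lines were the only place that behaviour was described, and it is the security-relevant half of the method. I would add `# Returns nil when inheritance_column is denied by the :default authorizer, so a protected type value cannot select the STI subclass in .new.` above the def. The check reads only `active_authorizer[:default]`, so a role-specific whitelist is not taken into account here; say so in the comment if that is intended. The deleted `subclass_from_attrs` override was labelled as support for Active Record <= 4.0.3, so if the gem can still be installed against such a version the protection silently stops applying there; the dependency constraint is not visible in this diff. The enclosing `module ClassMethods` starts outside the hunk.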
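Review bot: The restored assertion in `test_new_with_protected_inheritance_column` checks only `firm.class`, so it would still pass if the protected `type` value were written to the record while the class stayed `Company`. Consider also asserting the attribute itself, for example `assert_not_equal "Firm", firm[:type]`; the Company fixture is not visible here, so confirm the expected value. The deleted lines show this test had been inverted to pass against the bug, which is a reason to state the expectation in a short comment such as `# type is protected: must not select the Firm subclass`.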