I'd like to test that my model attributes are properly protected against mass assignment, something like:
it "should NOT update :balance on mass assignment" do
@account.attributes = {:balance => 1000}
@account.balance.should_not == 1000
end
instead of doing each attribute manually however, I'd like to automate it so I can pass a list of attributes which CAN be assigned that way and let the code figure out what should be protected. Here's what I have so far :
http://pastie.caboo.se/70685the problem is, I can't figure out how to make "protected attributes" reusable. I'd like to be able to pass it a different class name and list of allowed attributes at run time, but AFAIK, shared behaviours can't be sent parameters. I tried using instance variables, which I initialize in 'mass assignments' before() method, but they're only available to the actual spec (lines 6-8), not the code that generates the dynamic specs (lines 3-9)
can anyone think how I might get round this?
thanks
dave
