I have a model with the following mass assignment protection defined as:
attr_accessible :attachment, :body, :feed_id
attr_accessible :attachment, :body, :feed_id, :approved, :as => :admin
The code works as expected in the controller, only allowing approved to be mass assigned when called like
@post.update_attributes(params[:post], :as => :admin)
I usually test mass assignment using shoulda like so:
it { should_not allow_mass_assignment_of(:approved) }
However, I cannot find a way to test scoped mass assignment, e.g. something like
it { should allow_mass_assignment_of(:approved, :as => :admin) }
(That doesn't work).
Does anyone know how to test this?
For Rails > 3.1 try
it { should allow_mass_assignment_of(:approved).as(:admin) }