update_attributes [1] doesn't raise any exception when you try to assign the attribute which is protected with `attr_accessible/attr_protected` machinery (only warning in log is printed).
So your options are: 1. perform update_attributes for an attribute and then assert that the attribute didn't change 2. go a bit "meta" and implement something like Shoulda allow_mass_assignment_of matcher [2] [1] http://api.rubyonrails.org/classes/ActiveRecord/Base.html#method-i-attributes%3D [2] http://github.com/thoughtbot/shoulda/blob/master/lib/shoulda/active_record/matchers/allow_mass_assignment_of_matcher.rb On Tue, Nov 2, 2010 at 3:36 AM, Iain E. Davis <i...@somethingelectronic.com> wrote: > I've been puzzling over how to test that attr_accessible has been set > for the correct columns; but the tests I've come up with so far seem > to fail to fail when I expect. I came across this old message from > this list: > > http://www.mail-archive.com/rspec-users@rubyforge.org/msg01570.html > > Which seemed like a plausible example, but my attempt (modeled on the > example) doesn't work: > > describe Article, 'protected attributes' do > it 'should deny mass-assignment to the user_id' do > lambda { article.update_attributes(:person_id => �...@person.id) > }.should raise_error > end > end > > The lambda doesn't raise an error, even though the attr_accessible > doesn't include person_id. > > Where am I stumbling here? Is it my beginner's knowledge of rails, or > beginner's knowledge of Ruby? > > Thanks, > > Iain > _______________________________________________ > rspec-users mailing list > rspec-users@rubyforge.org > http://rubyforge.org/mailman/listinfo/rspec-users > _______________________________________________ rspec-users mailing list rspec-users@rubyforge.org http://rubyforge.org/mailman/listinfo/rspec-users
