From 52302f08562f354f7c1d067a132189c9e54b6404 Mon Sep 17 00:00:00 2001
From: Alexander Uvarov
Date: Thu, 23 Jun 2011 12:56:39 +0600
Subject: [PATCH 1/2] Allow to specify mass-assignment roles as array
---
 .../lib/active_model/mass_assignment_security.rb | 14 ++++++++++----
 .../test/cases/mass_assignment_security_test.rb | 14 ++++++++++++++
 .../test/models/mass_assignment_specific.rb | 10 +++++++++-
 3 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb
index 483b577681..7ffea6d312 100644
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ b/activemodel/lib/active_model/mass_assignment_security.rb
@@ -95,8 +95,11 @@ module ActiveModel
 options = args.extract_options!
 role = options[:as] || :default
- self._protected_attributes = protected_attributes_configs.dup
- self._protected_attributes[role] = self.protected_attributes(role) + args
+ self._protected_attributes = protected_attributes_configs.dup
+
+ Array(role).each do |name|
+ self._protected_attributes[name] = self.protected_attributes(name) + args
+ end
 self._active_authorizer = self._protected_attributes
 end
@@ -154,8 +157,11 @@ module ActiveModel
 options = args.extract_options!
 role = options[:as] || :default
- self._accessible_attributes = accessible_attributes_configs.dup
- self._accessible_attributes[role] = self.accessible_attributes(role) + args
+ self._accessible_attributes = accessible_attributes_configs.dup
+
+ Array(role).each do |name|
+ self._accessible_attributes[name] = self.accessible_attributes(name) + args
+ end
 self._active_authorizer = self._accessible_attributes
 end
diff --git a/activemodel/test/cases/mass_assignment_security_test.rb b/activemodel/test/cases/mass_assignment_security_test.rb
index 43a12eed61..664b7fcf0e 100644
--- a/activemodel/test/cases/mass_assignment_security_test.rb
+++ b/activemodel/test/cases/mass_assignment_security_test.rb
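Review bot: In the `attr_protected` hunk (`Array(role).each do |name|`), an empty list such as `:as => []` is truthy, so it bypasses the `|| :default` fallback and the loop body never runs: the call returns without adding the attributes to any role's protected set, and nothing signals it. For a blacklist that is a fail-open outcome, so I would reject it up front, e.g. `raise ArgumentError, "attr_protected :as needs at least one role" if Array(role).empty?`, or fall back to `:default`. The `attr_accessible` hunk at -154 has the same silent no-op, and the `Array.wrap` version in patch 2/2 keeps it. Both method bodies start outside the hunks, so any guard that already exists above these lines is not visible here.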
@@ -34,6 +34,20 @@ class MassAssignmentSecurityTest < ActiveModel::TestCase
 assert_equal expected, sanitized
 end
+ def test_attributes_accessible_with_roles_given_as_array
+ user = Account.new
+ expected = { "name" => "John Smith", "email" => "john@smith.com" }
+ sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
+ assert_equal expected, sanitized
+ end
+
+ def test_attributes_accessible_with_admin_role_when_roles_given_as_array
+ user = Account.new
+ expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
+ sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
+ assert_equal expected, sanitized
+ end
+
 def test_attributes_protected_by_default
 firm = Firm.new
 expected = { }
diff --git a/activemodel/test/models/mass_assignment_specific.rb b/activemodel/test/models/mass_assignment_specific.rb
index 53b37369ff..1d123fa58c 100644
--- a/activemodel/test/models/mass_assignment_specific.rb
+++ b/activemodel/test/models/mass_assignment_specific.rb
@@ -20,6 +20,14 @@ class Person
 public :sanitize_for_mass_assignment
 end
+class Account
+ include ActiveModel::MassAssignmentSecurity
+ attr_accessible :name, :email, :as => [:default, :admin]
+ attr_accessible :admin, :as => :admin
+
+ public :sanitize_for_mass_assignment
+end
+
 class Firm
 include ActiveModel::MassAssignmentSecurity
@@ -65,4 +73,4 @@ end
 class TightDescendant < TightPerson
 attr_accessible :phone_number
 attr_accessible :super_powers, :as => :admin
-end
\ No newline at end of file
+end
From 79956db91c2ae7aacaf7b1ed5df7fe57f6f3c9d7 Mon Sep 17 00:00:00 2001
From: Alexander Uvarov
Date: Thu, 23 Jun 2011 23:06:52 +0600
Subject: [PATCH 2/2] Follow rails convention by using Array.wrap
---
 activemodel/lib/active_model/mass_assignment_security.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
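Review bot: The two new tests and the `Account` fixture exercise array roles only through `attr_accessible`; the `attr_protected` path changed by the same commit has no array-role test. That is the blacklist side, where a regression leaves attributes assignable rather than blocked, so it deserves its own case: a fixture with something like `attr_protected :admin, :as => [:default, :admin]` and assertions that `admin` is stripped under both roles. An assertion for a role that is not in the list would also pin that the array form does not affect other roles.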
diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb
index 7ffea6d312..a7c79478fc 100644
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ b/activemodel/lib/active_model/mass_assignment_security.rb
@@ -1,4 +1,5 @@
 require 'active_support/core_ext/class/attribute.rb'
+require 'active_support/core_ext/array/wrap'
 require 'active_model/mass_assignment_security/permission_set'
 module ActiveModel
@@ -97,7 +98,7 @@ module ActiveModel
 self._protected_attributes = protected_attributes_configs.dup
- Array(role).each do |name|
+ Array.wrap(role).each do |name|
 self._protected_attributes[name] = self.protected_attributes(name) + args
 end
@@ -159,7 +160,7 @@ module ActiveModel
 self._accessible_attributes = accessible_attributes_configs.dup
- Array(role).each do |name|
+ Array.wrap(role).each do |name|
 self._accessible_attributes[name] = self.accessible_attributes(name) + args
 end
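Review bot: Both `Array.wrap(role).each do |name|` loops store each element as a hash key exactly as given, with no check on its type. If the authorizer lookup elsewhere in this module is keyed by symbols (that code is outside these hunks), `:as => ['admin']` would register the rule under a string key that is never consulted, and for `attr_protected` the attribute would stay assignable. Either document next to the `:as` option that roles must be symbols, or normalise in the loop, e.g. `Array.wrap(role).map(&:to_sym).each do |name|`. `Array.wrap` also keeps a Hash as one role where `Array()` would split it into pairs, which is worth a one-line comment at the call.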