From 152089672499a63e5e12802717d5e93f9ecc633d Mon Sep 17 00:00:00 2001 From: Randall Floyd Date: Thu, 5 Dec 2024 11:21:48 -0500 Subject: [PATCH] Fixing entrypoint into actor stack that casts unpermitted attributes to hash --- app/actors/hyrax/actors/environment.rb | 6 ++++++ spec/controllers/hyrax/generic_works_controller_spec.rb | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/actors/hyrax/actors/environment.rb b/app/actors/hyrax/actors/environment.rb index 5c01d5827e..672c8ead48 100644 --- a/app/actors/hyrax/actors/environment.rb +++ b/app/actors/hyrax/actors/environment.rb @@ -8,6 +8,12 @@ class Environment def initialize(curation_concern, current_ability, attributes) @curation_concern = curation_concern @current_ability = current_ability + + # TODO: how to safely permit a variable list of attributes if we don't know them in advance? + # This is no longer allowed because keys in attributes haven't been permitted yet + # @attributes = attributes.to_h.with_indifferent_access + # + attributes.permit! if attributes.class == ActionController::Parameters @attributes = attributes.to_h.with_indifferent_access end diff --git a/spec/controllers/hyrax/generic_works_controller_spec.rb b/spec/controllers/hyrax/generic_works_controller_spec.rb index 38c3c1b468..6570f8999e 100644 --- a/spec/controllers/hyrax/generic_works_controller_spec.rb +++ b/spec/controllers/hyrax/generic_works_controller_spec.rb @@ -379,7 +379,8 @@ # makes one work, two file sets and calls ImportUrlJob twice. expect(actor).to receive(:create).with(Hyrax::Actors::Environment) do |env| expect(env.attributes['uploaded_files']).to eq [] - expect(env.attributes['remote_files'].map! { |v| v.permit!.to_h }).to eq browse_everything_params.values + expect(env.attributes['remote_files']).to eq browse_everything_params.values + # expect(env.attributes['remote_files'].map! { |v| v.permit!.to_h }).to eq browse_everything_params.values end post :create, params: {