prix-fixe

Expand History Expand History
Collapse History Collapse History

Persist data in POST /notes requests to notes

This commit addresses the previous error:

Failure:
NotesControllerTest#test_#create_persists_a_Note_record [test/controllers/notes_controller_test.rb:10]:
Expected: []
  Actual: ["Hello, World"]

This error message occurs because our assertion that the notes table will include a row with "Hello, World" as the value of the content column is failing.

To resolve this error, our controller calls Note.create! with the contents of the HTTP request body, available to the controller action through the params helper method. Our test’s POST /notes request’s body specifies the content under the content key, so passing params.slice(:content) to the .create! call will pass along the value of the content from our request as the value of the Note model’s content attribute.

Without the intermediate call to ActionController::Parameters#to_unsafe_h, our tests error:

Error:
NotesControllerTest#test_#create_persists_a_Note_record:
ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError
    app/controllers/notes_controller.rb:11:in `create'
    test/controllers/notes_controller_test.rb:7:in `block in <class:NotesControllerTest>'

It turns out that Strong Parameters expects the body of incoming POST requests to have a certain shape. The way that our application is submitting <form> submissions does not comply to that shape.

For now, coercing params from an instance of ActionController::Parameters to an instance of ActiveSupport::HashWithIndifferentAccess is a trade-off work making so that we can return our tests to their originally passing state. Once we’re back to being in the Green Phase of our TDD cycle, we can correct this security circumvention.

When we re-run our controller tests, they pass.