Turn on mass assignment protection
[rails.git] / test / integration / user_blocks_test.rb
index 7003d769251c2a97dbe0578a35bf627e60255c41..11fcae91a9a45f2ac3b17af13cfcf453c66adf5c 100644 (file)
@@ -17,10 +17,12 @@ class UserBlocksTest < ActionController::IntegrationTest
     assert_response :success
 
     # now block the user
-    UserBlock.create(:user_id => blocked_user.id,
-                     :creator_id => users(:moderator_user).id,
-                     :reason => "testing",
-                     :ends_at => Time.now.getutc + 5.minutes)
+    UserBlock.create({
+      :user_id => blocked_user.id,
+      :creator_id => users(:moderator_user).id,
+      :reason => "testing",
+      :ends_at => Time.now.getutc + 5.minutes
+    }, :without_protection => true)
     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
     assert_response :forbidden
   end
@@ -29,10 +31,12 @@ class UserBlocksTest < ActionController::IntegrationTest
     blocked_user = users(:public_user)
     moderator = users(:moderator_user)
 
-    block = UserBlock.create(:user_id => blocked_user.id,
-                             :creator_id => moderator.id,
-                             :reason => "testing",
-                             :ends_at => Time.now.getutc + 5.minutes)
+    block = UserBlock.create({
+      :user_id => blocked_user.id,
+      :creator_id => moderator.id,
+      :reason => "testing",
+      :ends_at => Time.now.getutc + 5.minutes
+    }, :without_protection => true)
     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
     assert_response :forbidden