Module: DataMapper::MassAssignmentSecurity

Extended by:
ActiveSupport::Concern
Includes:
ActiveModel::MassAssignmentSecurity
Defined in:
lib/dm-rails/mass_assignment_security.rb

Overview

Include this module into a DataMapper model to enable ActiveModel’s mass assignment security.

To use the second parameter of #attributes=, make sure to include this module last.

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

Instance Method Details

#attributes=(attributes, guard_protected_attributes = true) ⇒ Hash

Sanitizes the specified attributes according to the defined mass-assignment security rules and calls super with the result.

Use either attr_accessible to specify which attributes are allowed to be assigned via #attributes=, or attr_protected to specify which attributes are not allowed to be assigned via #attributes=.

attr_accessible and attr_protected are mutually exclusive.

Examples:

Usage

class User
  include DataMapper::Resource
  include DataMapper::MassAssignmentSecurity

  property :name, String
  property :is_admin, Boolean

  # Only allow name to be set via #attributes=
  attr_accessible :name
end

user = User.new
user.attributes = { :name => 'Phusion', :is_admin => true }
user.name      # => "Phusion"
user.is_admin  # => false

# Passing false as the second argument skips the mass-assignment rules
user.send(:attributes=, { :name => 'Phusion', :is_admin => true }, false)
user.is_admin  # => true

Parameters:

  • attributes (Hash{Symbol,String,::DataMapper::Property,::DataMapper::Relationship=>Object})

    Names and values of attributes to sanitize.

  • guard_protected_attributes (Boolean) (defaults to: true)

    Determines whether mass-security rules are applied (when true) or not.

Returns:

  • (Hash)

    Sanitized hash of attributes.



# File 'lib/dm-rails/mass_assignment_security.rb', line 84

def attributes=(attributes, guard_protected_attributes = true)
  attributes = sanitize_for_mass_assignment(attributes) if guard_protected_attributes
  super(attributes)
end
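
Why the include order matters for the two-argument form, as an added example that is not dm-rails code. FakeResource, FakeGuard, OneArgOverride and assign are hypothetical plain-Ruby stand-ins, and the whitelist filter is a simplified substitute for sanitize_for_mass_assignment.

```ruby
# Plain-Ruby stand-ins (constructed for illustration; not DataMapper or dm-rails code).
module FakeResource                      # plays the role of DataMapper::Resource
  def attributes=(attrs)
    attrs.each { |k, v| instance_variable_set("@#{k}", v) }
  end
end

module FakeGuard                         # same shape as the #attributes= shown on this page
  def self.included(base)
    base.extend(ClassMethods)
  end
  module ClassMethods
    attr_reader :accessible
    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end
  end

  def attributes=(attrs, guard_protected_attributes = true)
    attrs = attrs.select { |k, _| Array(self.class.accessible).include?(k.to_s) } if guard_protected_attributes
    super(attrs)
  end
end

module OneArgOverride                    # hypothetical plugin that also overrides #attributes=
  def attributes=(attrs)
    super(attrs)
  end
end

class GuardLast
  include FakeResource
  include OneArgOverride
  include FakeGuard                      # included last => first in the method lookup chain
  attr_accessible :name
  attr_reader :name, :is_admin
end

class GuardNotLast
  include FakeResource
  include FakeGuard
  include OneArgOverride                 # shadows the two-argument writer
  attr_accessible :name
  attr_reader :name, :is_admin
end

def assign(klass, attrs, *extra)         # helper: build an object and mass-assign to it
  klass.new.tap { |obj| obj.send(:attributes=, attrs, *extra) }
end
```

With the guard included last, the one-argument call drops :is_admin and the explicit false lets it through; with the guard shadowed, the one-argument call is still filtered but the two-argument call raises ArgumentError. Since false skips sanitization entirely, that argument belongs only in trusted code paths and should never be derived from request input.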