Module: DataMapper::MassAssignmentSecurity

Extended by:: ActiveSupport::Concern

Includes:: ActiveModel::MassAssignmentSecurity

Defined in:: lib/dm-rails/mass_assignment_security.rb

Overview

Include this module into a DataMapper model to enable ActiveModel’s mass assignment security.

To use second parameter of #attributes= make sure to include this module last.

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary collapse

#attributes=(attributes, guard_protected_attributes = true) ⇒ Hash

Sanitizes the specified attributes according to the defined mass-assignment security rules and calls super with the result.

Instance Method Details

#attributes=(attributes, guard_protected_attributes = true) ⇒ `Hash`

Sanitizes the specified attributes according to the defined mass-assignment security rules and calls super with the result.

Use either attr_accessible to specify which attributes are allowed to be assigned via #attributes=, or attr_protected to specify which attributes are not allowed to be assigned via #attributes=.

attr_accessible and attr_protected are mutually exclusive.

Examples:

Usage

class User
  include DataMapper::Resource
  include DataMapper::MassAssignmentSecurity

  property :name, String
  property :is_admin, Boolean

  # Only allow name to be set via #attributes=
  attr_accessible :name
end

user = User.new
user.attributes = { :username => 'Phusion', :is_admin => true }
user.username  # => "Phusion"
user.is_admin  # => false

user.send(:attributes=, { :username => 'Phusion', :is_admin => true }, false)
user.is_admin  # => true

# File 'lib/dm-rails/mass_assignment_security.rb', line 84

def attributes=(attributes, guard_protected_attributes = true)
  attributes = sanitize_for_mass_assignment(attributes) if guard_protected_attributes
  super(attributes)
end