Module: Sufia::GenericFile::AccessibleAttributes::ClassMethods

Defined in:
lib/sufia/models/generic_file/accessible_attributes.rb

Instance Method Summary

Instance Method Details

#attr_accessible(*args) ⇒ Object

Specifies a white list of model attributes that can be set via mass-assignment.

Like attr_protected, a role for the attributes is optional; if no role is provided, :default is used. A role can be defined by using the :as option.

Mass-assignment will only set attributes in this list; to assign to the rest of the attributes you can use direct writer methods. This is meant to protect sensitive attributes from being overwritten by malicious users tampering with URLs or forms.

class Customer
  include ActiveModel::MassAssignmentSecurity

  attr_accessor :name, :credit_rating

  attr_accessible :name
  attr_accessible :name, :credit_rating, :as => :admin

  def assign_attributes(values, options = {})
    sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
      send("#{k}=", v)
    end
  end
end

When using the :default role:

customer = Customer.new
customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
customer.name          # => "David"
customer.credit_rating # => nil

customer.credit_rating = "Average"
customer.credit_rating # => "Average"

And using the :admin role:

customer = Customer.new
customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
customer.name          # => "David"
customer.credit_rating # => "Excellent"

Note that using Hash#except or Hash#slice in place of attr_accessible to sanitize attributes provides basically the same functionality, but it makes it a bit tricky to deal with nested attributes.
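An added example (not Sufia's or Rails' own code): a plain-Ruby sketch of the role-based allow-list described above, runnable without ActiveModel. The names RoleAllowList, accessible_for and sanitize_for are hypothetical, and it goes slightly beyond the page by denying every attribute for an undeclared role and returning the rejected keys so they can be logged.

```ruby
# Added example: role-based allow-list in plain Ruby (no Rails needed).
# RoleAllowList, accessible_for and sanitize_for are hypothetical names.
module RoleAllowList
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Same shape as the attr_accessible on this page: one list per role.
    def attr_accessible(*args)
      options = args.last.is_a?(Hash) ? args.pop : {}
      @accessible ||= {}
      Array(options[:as] || :default).each do |role|
        @accessible[role] = args.map(&:to_sym)
      end
    end

    # Deny by default: a role that was never declared gets an empty list.
    def accessible_for(role)
      (@accessible || {}).fetch(role, [])
    end
  end

  # Splits input into [allowed, rejected]. Keys are normalized to symbols
  # so "credit_rating" and :credit_rating are treated the same.
  def sanitize_for(values, role = :default)
    allowed = self.class.accessible_for(role)
    pairs = values.map { |k, v| [k.to_sym, v] }
    pairs.partition { |k, _| allowed.include?(k) }.map(&:to_h)
  end

  def assign_attributes(values, options = {})
    permitted, rejected = sanitize_for(values, options[:as] || :default)
    permitted.each { |k, v| public_send("#{k}=", v) }
    rejected.keys # returned so the caller can log over-posting attempts
  end
end

class Customer
  include RoleAllowList
  attr_accessor :name, :credit_rating
  attr_accessible :name
  attr_accessible :name, :credit_rating, as: :admin
end

# Constructed form input carrying an extra, sensitive key.
FORM = { "name" => "David", "credit_rating" => "Excellent" }.freeze
```

Calling `Customer.new.assign_attributes(FORM)` sets only `name` and returns `[:credit_rating]`, which is the value worth writing to an audit log.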



# File 'lib/sufia/models/generic_file/accessible_attributes.rb', line 73

def attr_accessible(*args)
  options = args.extract_options!
  role = options[:as] || :default

  self._accessible_attributes ||= {}

  Array.wrap(role).each do |name|
    self._accessible_attributes[name] = args.map(&:to_sym)
  end
end