Module: Sufia::GenericFile::AccessibleAttributes::ClassMethods
Defined in: lib/sufia/models/generic_file/accessible_attributes.rb
Instance Method Summary
- #attr_accessible(*args) ⇒ Object
  Specifies a white list of model attributes that can be set via mass-assignment.
Instance Method Details
#attr_accessible(*args) ⇒ Object
Specifies a white list of model attributes that can be set via mass-assignment.
Like attr_protected, a role for the attributes is optional; if no role is provided then :default is used. A role can be defined by using the :as option.
Mass-assignment will only set attributes in this list; to assign to the rest of the attributes you can use direct writer methods. This is meant to protect sensitive attributes from being overwritten by malicious users tampering with URLs or forms.
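    require 'active_model'

    class Customer
      include ActiveModel::MassAssignmentSecurity

      attr_accessor :name, :credit_rating

      # :default role may set only :name; :admin may also set :credit_rating
      attr_accessible :name
      attr_accessible :name, :credit_rating, :as => :admin

      # Drop every key not whitelisted for the role, then call the writers
      def assign_attributes(values, options = {})
        sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
          send("#{k}=", v)
        end
      end
    end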
When using the :default role:
    customer = Customer.new
    customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
    customer.name          # => "David"
    customer.credit_rating # => nil
    customer.credit_rating = "Average"
    customer.credit_rating # => "Average"
And using the :admin role:
    customer = Customer.new
    customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
    customer.name          # => "David"
    customer.credit_rating # => "Excellent"
Note that using Hash#except or Hash#slice in place of attr_accessible to sanitize attributes provides basically the same functionality, but it makes it a bit tricky to deal with nested attributes.
    # File 'lib/sufia/models/generic_file/accessible_attributes.rb', line 73
    def attr_accessible(*args)
      # A trailing options hash carries the role(s) under :as
      options = args.extract_options!
      role = options[:as] || :default
      self._accessible_attributes ||= {}
      # Store the whitelist per role; a later call for the same role replaces it
      Array.wrap(role).each do |name|
        self._accessible_attributes[name] = args.map(&:to_sym)
      end
    end
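The role-based whitelist described above, as an added plain-Ruby example that runs without Rails (it is not Sufia's or Rails' code). `AccessibleAttributesDemo`, `accessible_for`, `demo` and the `TAMPERED` parameters are hypothetical names constructed for illustration, and this `assign_attributes` additionally returns the rejected keys so the caller can log them.

```ruby
module AccessibleAttributesDemo
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Same shape as the method documented on this page: a trailing Hash carries
    # :as, and each role gets its own list of permitted attribute names.
    def attr_accessible(*args)
      options = args.last.is_a?(Hash) ? args.pop : {}
      @accessible ||= {}
      Array(options[:as] || :default).each { |role| @accessible[role] = args.map(&:to_s) }
    end

    # Unknown roles get an empty whitelist, so nothing is assignable.
    def accessible_for(role)
      (@accessible || {}).fetch(role, [])
    end
  end

  # Hypothetical helper: assigns only whitelisted keys and returns the rejected
  # key names so the caller can log them as possible parameter tampering.
  # Keys are compared as strings, so untrusted input is never turned into symbols.
  def assign_attributes(values, options = {})
    allowed = self.class.accessible_for(options[:as] || :default)
    permitted, rejected = values.partition { |key, _| allowed.include?(key.to_s) }
    permitted.each { |key, value| public_send("#{key}=", value) }
    rejected.map { |key, _| key.to_s }
  end
end

class Customer
  include AccessibleAttributesDemo
  attr_accessor :name, :credit_rating, :last_login
  attr_accessible :name
  attr_accessible :name, :credit_rating, :as => :admin
end

# Constructed request parameters: a form post carrying two extra fields.
TAMPERED = { "name" => "David", "credit_rating" => "Excellent", "last_login" => "2001-01-01" }.freeze

# Returns [name, credit_rating, last_login, rejected_keys] for the given role.
def demo(role)
  customer = Customer.new
  rejected = customer.assign_attributes(TAMPERED, :as => role)
  [customer.name, customer.credit_rating, customer.last_login, rejected]
end
```

Calling `demo(:default)` leaves `credit_rating` and `last_login` unset and reports both as rejected, while a role with no whitelist at all rejects every key.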