protected_attributes 1.1.2 → 1.1.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0896f7d4e713a4a55bada71439b81882f4850d80
4
- data.tar.gz: 0f494cc600e6c829a60e6809b53af13fa38a5d08
3
+ metadata.gz: 53459972482aff7a63f624080970d9db3289056a
4
+ data.tar.gz: e28892b6cc894a1f88c28702748ef7a8f3a1eaea
5
5
  SHA512:
6
- metadata.gz: 599ca997afb7175b9a4c962ca1a44aa141fb72e689459a439df317b8bf691f1339bd8e80a9c095f85c742925f59e3733cbb3ace6994605006b95650a7ee03ca1
7
- data.tar.gz: 830750032eef2832eb5fcfd7b273804067345b31be067c4e7f1a79d7b180d953e2f4cd77ccc124ed4aa670810cc85d663e1cc57cb947af4b38ea8a357f02547e
6
+ metadata.gz: 45e13d7c92b6a029ea984c455d25c8edee1283fa6717fe23985e9fc5123859dc33907d66e0c4e124e6a4d9f7c2090f3f95d858693fb3da705b8741aa4b5a90f0
7
+ data.tar.gz: e2ce848b56b7033831d17351d15cd268134d00852ac2b9b5ae47d2bb8903a350c1e71c7163f74bb96eadef5b5ce54c1ea389a8bd472c1e8df612e59f098ddb57
data/README.md CHANGED
@@ -80,41 +80,7 @@ In a similar way, `new`, `create`, `create!`, `update_attributes` and `update_at
80
80
  @user.is_admin # => true
81
81
  ```
82
82
 
83
- By default the gem will create an empty whitelist of attributes available for mass-assignment for all models in your app.
84
-
85
- As such, your models will need to explicitly whitelist or blacklist accessible parameters by using an `attr_accessible` or `attr_protected` declaration. This technique is best applied at the start of a new project. However, for an existing project with a thorough set of functional tests, it should be straightforward and relatively quick to use this application config option; run your tests, and expose each attribute (via `attr_accessible` or `attr_protected`), as dictated by your failing test.
86
-
87
- This option can be turned off using a configuration option:
88
-
89
- ```ruby
90
- config.active_record.whitelist_attributes = false
91
- ```
92
-
93
- For more complex permissions, mass-assignment security may be handled outside the model by extending a non-Active Record class, such as a controller, with this behavior.
94
-
95
- For example, a logged-in user may need to assign additional attributes depending on their role:
96
-
97
- ```ruby
98
- class AccountsController < ApplicationController
99
- include ActiveModel::MassAssignmentSecurity
100
-
101
- attr_accessible :first_name, :last_name
102
- attr_accessible :first_name, :last_name, :plan_id, :as => :admin
103
-
104
- def update
105
- ...
106
- @account.update_attributes(account_params)
107
- ...
108
- end
109
-
110
- protected
111
-
112
- def account_params
113
- role = admin ? :admin : :default
114
- sanitize_for_mass_assignment(params[:account], role)
115
- end
116
- end
117
- ```
83
+ By default the gem will use the strong parameters protection when assigning attribute, unless your model has `attr_accessible` or `attr_protected` calls.
118
84
 
119
85
  ### Errors
120
86
 
@@ -2,7 +2,7 @@ module ProtectedAttributes
2
2
  class Railtie < ::Rails::Railtie
3
3
  initializer "protected_attributes.active_record", :before => "active_record.set_configs" do |app|
4
4
  if app.config.respond_to?(:active_record) && app.config.active_record.delete(:whitelist_attributes)
5
- ActiveSupport::Deprection.warn "config.active_record.whitelist_attributes is deprecated and have no effect. Remove its call from the configuration."
5
+ ActiveSupport::Deprecation.warn "config.active_record.whitelist_attributes is deprecated and have no effect. Remove its call from the configuration."
6
6
  end
7
7
  end
8
8
  end
@@ -1,3 +1,3 @@
1
1
  module ProtectedAttributes
2
- VERSION = "1.1.2"
2
+ VERSION = "1.1.3"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: protected_attributes
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson