protected_attributes 1.1.2 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -35
- data/lib/protected_attributes/railtie.rb +1 -1
- data/lib/protected_attributes/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 53459972482aff7a63f624080970d9db3289056a
|
|
4
|
+
data.tar.gz: e28892b6cc894a1f88c28702748ef7a8f3a1eaea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 45e13d7c92b6a029ea984c455d25c8edee1283fa6717fe23985e9fc5123859dc33907d66e0c4e124e6a4d9f7c2090f3f95d858693fb3da705b8741aa4b5a90f0
|
|
7
|
+
data.tar.gz: e2ce848b56b7033831d17351d15cd268134d00852ac2b9b5ae47d2bb8903a350c1e71c7163f74bb96eadef5b5ce54c1ea389a8bd472c1e8df612e59f098ddb57
|
data/README.md
CHANGED
|
@@ -80,41 +80,7 @@ In a similar way, `new`, `create`, `create!`, `update_attributes` and `update_at
|
|
|
80
80
|
@user.is_admin # => true
|
|
81
81
|
```
|
|
82
82
|
|
|
83
|
-
By default the gem will
|
|
84
|
-
|
|
85
|
-
As such, your models will need to explicitly whitelist or blacklist accessible parameters by using an `attr_accessible` or `attr_protected` declaration. This technique is best applied at the start of a new project. However, for an existing project with a thorough set of functional tests, it should be straightforward and relatively quick to use this application config option; run your tests, and expose each attribute (via `attr_accessible` or `attr_protected`), as dictated by your failing test.
|
|
86
|
-
|
|
87
|
-
This option can be turned off using a configuration option:
|
|
88
|
-
|
|
89
|
-
```ruby
|
|
90
|
-
config.active_record.whitelist_attributes = false
|
|
91
|
-
```
|
|
92
|
-
|
|
93
|
-
For more complex permissions, mass-assignment security may be handled outside the model by extending a non-Active Record class, such as a controller, with this behavior.
|
|
94
|
-
|
|
95
|
-
For example, a logged-in user may need to assign additional attributes depending on their role:
|
|
96
|
-
|
|
97
|
-
```ruby
|
|
98
|
-
class AccountsController < ApplicationController
|
|
99
|
-
include ActiveModel::MassAssignmentSecurity
|
|
100
|
-
|
|
101
|
-
attr_accessible :first_name, :last_name
|
|
102
|
-
attr_accessible :first_name, :last_name, :plan_id, :as => :admin
|
|
103
|
-
|
|
104
|
-
def update
|
|
105
|
-
...
|
|
106
|
-
@account.update_attributes(account_params)
|
|
107
|
-
...
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
protected
|
|
111
|
-
|
|
112
|
-
def account_params
|
|
113
|
-
role = admin ? :admin : :default
|
|
114
|
-
sanitize_for_mass_assignment(params[:account], role)
|
|
115
|
-
end
|
|
116
|
-
end
|
|
117
|
-
```
|
|
83
|
+
By default the gem will use the strong parameters protection when assigning attribute, unless your model has `attr_accessible` or `attr_protected` calls.
|
|
118
84
|
|
|
119
85
|
### Errors
|
|
120
86
|
|
|
@@ -2,7 +2,7 @@ module ProtectedAttributes
|
|
|
2
2
|
class Railtie < ::Rails::Railtie
|
|
3
3
|
initializer "protected_attributes.active_record", :before => "active_record.set_configs" do |app|
|
|
4
4
|
if app.config.respond_to?(:active_record) && app.config.active_record.delete(:whitelist_attributes)
|
|
5
|
-
ActiveSupport::
|
|
5
|
+
ActiveSupport::Deprecation.warn "config.active_record.whitelist_attributes is deprecated and have no effect. Remove its call from the configuration."
|
|
6
6
|
end
|
|
7
7
|
end
|
|
8
8
|
end
|