Flowdock
v3.0.9 - Show latest stable - 0 notes

Mass assignment security provides an interface for protecting attributes from end-user assignment. For more complex permissions, mass assignment security may be handled outside the model by extending a non-ActiveRecord class, such as a controller, with this behavior.

For example, a logged in user may need to assign additional attributes depending on their role:

class AccountsController < ApplicationController

include ActiveModel::MassAssignmentSecurity

attr_accessible :first_name, :last_name

def self.admin_accessible_attributes
  accessible_attributes + [ :plan_id ]
end

def update
  ...
  @account.update_attributes(account_params)
  ...
end

protected

def account_params
  sanitize_for_mass_assignment(params[:account])
end

def mass_assignment_authorizer
  admin ? admin_accessible_attributes : super
end

end

Show files where this module is defined (1 file)
Register or log in to add new notes.