Ruby on Rails latest stable (v7.1.3.2)

Module deprecated or moved

This module is deprecated or moved on the latest stable version. The last existing version (v3.2.13) is shown here.

Mass assignment security provides an interface for protecting attributes from end-user assignment. For more complex permissions, mass assignment security may be handled outside the model by extending a non-ActiveRecord class, such as a controller, with this behavior.

For example, a logged-in user may need to assign additional attributes depending on their role:

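class AccountsController < ApplicationController
  include ActiveModel::MassAssignmentSecurity

  # Attributes any user may assign (the :default role)
  attr_accessible :first_name, :last_name
  # Attributes an admin may assign; only this role may set plan_id
  attr_accessible :first_name, :last_name, :plan_id, :as => :admin

  def update
    # ...
    @account.update_attributes(account_params)
    # ...
  end

  protected

  # Filters params[:account] down to the attributes allowed for the current role
  def account_params
    role = admin ? :admin : :default
    sanitize_for_mass_assignment(params[:account], role)
  end
end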

Configuration options

  • mass_assignment_sanitizer - Defines sanitize method. Possible values are:

You can specify your own sanitizer object, e.g. MySanitizer.new. See ActiveModel::MassAssignmentSecurity::LoggerSanitizer for an example implementation.
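
As an added example (not part of the Rails documentation or the Rails source), this stand-alone plain-Ruby model illustrates the per-role allow-list from the controller example and a pluggable sanitizer object of the kind the configuration option describes. RoleAllowList, RecordingSanitizer, RejectingSanitizer, build_list and the `removed` callback are hypothetical names, and the request body is constructed.

```ruby
require 'set'

# Simplified model of role-based allow-listing (hypothetical names, not Rails source).
class RoleAllowList
  def initialize(sanitizer)
    @sanitizer = sanitizer
    @allowed = Hash.new { |h, role| h[role] = Set.new }
  end

  # Plays the part of: attr_accessible :a, :b, :as => :role
  def accessible(*attrs, as: :default)
    @allowed[as].merge(attrs.map(&:to_s))
    self
  end

  # Keeps only keys allowed for the role and hands the rest to the sanitizer.
  # A role with no declared list gets an empty allow-list (a choice of this model).
  def sanitize(params, role = :default)
    allowed = @allowed.fetch(role, Set.new)
    kept, dropped = params.partition { |key, _| allowed.include?(key.to_s) }
    @sanitizer.removed(dropped.map { |key, _| key.to_s }) unless dropped.empty?
    kept.to_h
  end
end

# Sanitizer object that records dropped keys so they can be logged or alerted on.
class RecordingSanitizer
  attr_reader :seen
  def initialize
    @seen = []
  end

  def removed(keys)
    @seen.concat(keys)
  end
end

# Sanitizer object that rejects the whole request instead of dropping keys.
class RejectingSanitizer
  def removed(keys)
    raise ArgumentError, "protected attributes submitted: #{keys.join(', ')}"
  end
end

# Constructed request body: a non-admin submits plan_id alongside a permitted field.
SUBMITTED = { 'first_name' => 'Ann', 'plan_id' => '42' }.freeze

def build_list(sanitizer)
  RoleAllowList.new(sanitizer).accessible(:first_name, :last_name)
               .accessible(:first_name, :last_name, :plan_id, as: :admin)
end
```

With the recording sanitizer the default role loses plan_id and the dropped key is available for logging; with the rejecting sanitizer the same request raises instead of being partially applied.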
