Mass assignment security provides an interface for protecting attributes from end-user assignment. For more complex permissions, mass assignment security may be handled outside the model by extending a non-ActiveRecord class, such as a controller, with this behavior.
For example, a logged-in user may need to assign additional attributes depending on their role:

    class AccountsController < ApplicationController
      include ActiveModel::MassAssignmentSecurity

      # Attributes any user may assign (the :default role)
      attr_accessible :first_name, :last_name
      # Attributes an admin may assign, including plan_id
      attr_accessible :first_name, :last_name, :plan_id, :as => :admin

      def update
        # ...
        @account.update_attributes(account_params)
        # ...
      end

      protected

      # Filters params[:account] against the whitelist for the caller's role
      def account_params
        role = admin ? :admin : :default
        sanitize_for_mass_assignment(params[:account], role)
      end
    end

Configuration options

- mass_assignment_sanitizer - Defines the sanitize method. Possible values are:
  - :logger (default) - writes filtered attributes to the logger
  - :strict - raises ActiveModel::MassAssignmentSecurity::Error on any protected attribute update
  - You can specify your own sanitizer object, e.g. MySanitizer.new. See ActiveModel::MassAssignmentSecurity::LoggerSanitizer for an example implementation.
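
The role-based whitelist and the two sanitizer modes described above, as an added stand-alone Ruby model that is not Rails source and does not load ActiveModel. `RoleWhitelist`, `ProtectedAttributeError`, `build_policy` and the sample parameters are hypothetical names and constructed data; the model assumes that a role with no whitelist should be denied everything.

```ruby
require "stringio"

# Simplified stand-alone model of role-based whitelisting; not Rails source.
# RoleWhitelist, ProtectedAttributeError and build_policy are hypothetical names.
class ProtectedAttributeError < StandardError; end

class RoleWhitelist
  def initialize(sanitizer: :logger, log: $stderr)
    @roles = {}
    @sanitizer = sanitizer
    @log = log
  end

  # Counterpart of `attr_accessible ..., :as => role`.
  def accessible(*names, as: :default)
    @roles[as] = (@roles[as] || []) | names.map(&:to_s)
    self
  end

  # Counterpart of `sanitize_for_mass_assignment(attributes, role)`.
  # A role with no whitelist gets an empty one, so it fails closed.
  def sanitize(attributes, role = :default)
    allowed = @roles.fetch(role, [])
    kept, removed = attributes.partition { |key, _| allowed.include?(key.to_s) }
    report(removed.map(&:first)) unless removed.empty?
    kept.to_h
  end

  private

  def report(keys)
    message = "protected attributes filtered: #{keys.join(', ')}"
    raise ProtectedAttributeError, message if @sanitizer == :strict
    @log.puts("WARNING: #{message}") # :logger mode: drop, record, carry on
  end
end

# Constructed request body: a client adds plan_id to an ordinary profile update.
PARAMS = { "first_name" => "Ada", "last_name" => "Lovelace", "plan_id" => "42" }.freeze

def build_policy(sanitizer, log)
  RoleWhitelist.new(sanitizer: sanitizer, log: log)
               .accessible(:first_name, :last_name)
               .accessible(:first_name, :last_name, :plan_id, as: :admin)
end

log = StringIO.new
p build_policy(:logger, log).sanitize(PARAMS)          # plan_id dropped and logged
p build_policy(:logger, log).sanitize(PARAMS, :admin)  # plan_id kept
```

In `:logger` mode the request succeeds with `plan_id` silently dropped, so the log line is the only trace of the attempt; `:strict` turns the same input into an exception the caller must handle.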