method

attr_protected

v1.1.6 - Show latest stable - 0 notes - Class: ActiveRecord::Base

1.0.0 (0)
1.1.6 (0)
1.2.6 (0)
2.0.3 (4)
2.1.0 (3)
2.2.1 (0)
2.3.8 (0)
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3
6.0.0
6.1.3.1
6.1.7.7
7.0.0
7.1.3.2
7.1.3.4
What's this?

Related methods

Class methods (218)
===
abstract_class?
accessible_attributes (>= v2.1.0)
active_connection_name (>= v2.1.0)
add_conditions!
add_group! (>= v2.0.3)
add_joins!
add_limit!
add_lock! (>= v1.2.6)
add_order! (>= v1.2.6)
aggregate_mapping (>= v2.1.0)
all (>= v2.1.0)
all_attributes_exists?
allow_concurrency (>= v2.2.1)
allow_concurrency= (>= v2.1.0)
arel_engine (>= v3.0.0)
arel_table (>= v3.0.0)
array_of_strings? (>= v2.2.1)
attr_accessible
attribute_condition
attribute_method? (>= v3.0.0)
attribute_names (>= v3.1.0)
attributes_protected_by_def... (>= v3.0.0)
attr_protected
attr_readonly (>= v2.0.3)
base_class
before_remove_const (>= v3.0.9)
benchmark
build_default_scope (>= v3.1.0)
class_name (>= v2.1.0)
class_name_of_active_record... (>= v1.0.0)
class_of_active_record_desc...
clear_active_connection_name (>= v2.1.0)
clear_active_connections!
clear_all_cached_connections!
clear_cache!
clear_connection_cache! (<= v1.0.0)
clear_reloadable_connections! (>= v1.2.6)
colorize_logging (>= v3.0.0)
colorize_logging= (>= v3.0.9)
column_defaults (>= v3.1.0)
column_methods_hash (>= v1.0.0)
column_names
columns
columns_hash
compute_table_name (>= v3.0.0)
compute_type
configurations (>= v3.0.9)
connected?
connection
connection=
connection_config (>= v3.1.0)
connection_handler (>= v3.0.9)
connection_id (>= v3.2.1)
connection_id= (>= v3.2.1)
connection_pool (>= v2.2.1)
construct_attributes_from_a...
construct_conditions_from_a...
construct_finder_arel (>= v3.0.0)
construct_finder_sql
content_columns
count (<= v1.0.0)
count_by_sql
create
current_scope (>= v3.1.0)
current_scope= (>= v3.1.0)
current_scoped_methods (>= v2.1.0)
decrement_counter
default_scope (>= v2.3.8)
default_select (>= v2.3.8)
default_timezone (>= v3.0.9)
define_attr_method
delete
delete_all
descends_from_active_record? (>= v2.0.3)
destroy
destroy_all
determine_deprecated_finder
determine_finder
determine_instantiator (>= v1.2.6)
encode_quoted_value (>= v1.0.0)
establish_connection
evaluate_default_scope (>= v3.1.0)
exists?
expand_attribute_names_for_... (>= v2.1.0)
expand_hash_conditions_for_... (>= v2.1.0)
expand_id_conditions (>= v1.2.6)
expand_range_bind_variables (>= v2.1.0)
extract_attribute_names_fro...
extract_options_from_args! (<= v1.0.0)
find
find_by_sql
finder_needs_type_condition? (>= v2.1.0)
find_every
find_from_ids
find_initial
find_last (>= v2.1.0)
find_one
find_some
find_sti_class (>= v3.0.0)
first (>= v2.1.0)
full_table_name_prefix (>= v2.3.8)
generated_feature_methods (>= v3.2.1)
get_primary_key (>= v2.1.0)
human_attribute_name (>= v2.1.0)
human_name (>= v2.2.1)
i18n_scope (>= v3.0.0)
ignore_default_scope= (>= v3.1.0)
ignore_default_scope? (>= v3.1.0)
increment_counter
inheritance_column
inheritance_column= (>= v3.0.9)
inherited (>= v2.1.0)
initialize_generated_modules (>= v3.2.1)
inspect (>= v2.0.3)
instantiate
last (>= v2.1.0)
log_connections (>= v2.1.0)
logger (>= v3.0.9)
lookup_ancestors (>= v3.0.0)
matches_dynamic_finder? (>= v2.1.0)
matches_dynamic_finder_with... (>= v2.1.0)
merge_conditions (>= v2.1.0)
merge_includes
merge_joins (>= v2.2.1)
method_missing
mysql2_connection (>= v3.1.0)
mysql_connection (>= v2.1.0)
new
parse_config!
parse_sqlite_config! (>= v2.0.3)
pluralize_table_names (>= v3.0.9)
postgresql_connection (>= v2.1.0)
primary_key
primary_key_prefix_type (>= v3.0.9)
protected_attributes (>= v2.1.0)
quote_bound_value (>= v1.0.0)
quoted_table_name (>= v2.0.3)
quote_value (>= v2.1.0)
raise_if_bind_arity_mismatch (>= v1.0.0)
read_methods (<= v1.0.0)
readonly_attributes (>= v2.0.3)
relation (>= v3.0.0)
remove_connection
remove_stale_cached_threads!
replace_bind_variables (>= v1.0.0)
replace_named_bind_variables (>= v1.0.0)
require_mysql (>= v1.2.6)
reset_column_information
reset_column_information_an... (>= v2.1.0)
reset_counters (>= v2.3.8)
reset_primary_key (>= v1.0.0)
reset_scoped_methods (>= v3.0.9)
reset_sequence_name (>= v1.0.0)
reset_subclasses (>= v1.0.0)
reset_table_name (>= v1.0.0)
respond_to? (>= v2.1.0)
retrieve_connection (>= v2.1.0)
reverse_sql_order (>= v2.1.0)
safe_to_array
sanitize (>= v2.1.0)
sanitize_conditions (>= v3.0.9)
sanitize_sql
sanitize_sql_array (>= v1.2.6)
sanitize_sql_for_assignment (>= v2.0.3)
sanitize_sql_for_conditions (>= v2.0.3)
sanitize_sql_hash (>= v1.2.6)
sanitize_sql_hash_for_assig... (>= v2.0.3)
sanitize_sql_hash_for_condi... (>= v2.0.3)
schema_format (>= v3.0.9)
scope (>= v1.0.0)
scoped? (>= v1.0.0)
scoped_methods (>= v1.0.0)
scoped_methods= (<= v1.0.0)
self_and_descendants_from_a... (>= v2.3.8)
self_and_descendents_from_a... (>= v2.2.1)
sequence_name (>= v1.0.0)
sequence_name= (>= v3.0.9)
serialize
serialized_attributes
set_inheritance_column
set_locking_column
set_primary_key
set_readonly_option! (>= v2.1.0)
set_sequence_name
set_table_name
silence
single_threaded_active_conn... (>= v2.1.0)
single_threaded_scoped_methods (>= v2.1.0)
sqlite3_connection (>= v2.1.0)
sqlite_connection (>= v2.1.0)
sti_name (>= v2.1.0)
subclasses (>= v1.0.0)
symbolized_base_class (>= v3.1.0)
symbolized_sti_name (>= v3.1.0)
table_exists?
table_name
table_name= (>= v3.0.9)
table_name_prefix (>= v3.0.9)
table_name_suffix (>= v3.0.9)
threaded_connections (<= v1.0.0)
threaded_connections= (<= v1.0.0)
thread_safe_active_connections (>= v2.1.0)
thread_safe_scoped_methods (>= v2.1.0)
timestamped_migrations (>= v3.0.9)
type_condition
type_name_with_module
undecorated_table_name
unscoped (>= v3.0.0)
update
update_all
update_counters (>= v2.0.3)
validate_find_options (>= v1.0.0)
verification_timeout (>= v2.2.1)
verification_timeout= (>= v2.2.1)
verify_active_connections! (>= v2.1.0)
with_exclusive_scope
with_scope
Instance methods (107)
<=> (>= v3.1.0)
==
[]
[]=
arel_attributes_values (>= v3.0.0)
assign_attributes (>= v2.3.8)
assign_multiparameter_attri...
attribute_for_inspect (>= v2.0.3)
attribute_names
attribute_present?
attributes
attributes=
attributes_before_type_cast
attributes_from_column_defi...
attributes_protected_by_def...
attributes_with_quotes
becomes (>= v2.0.3)
cache_key (>= v2.1.0)
clear_timestamp_attributes (>= v3.1.0)
clone
clone_attributes
clone_attribute_value
column_for_attribute
comma_pair_list
connection
convert_number_column_value
create
create_or_update
decrement
decrement!
define_question_method
define_read_method
define_read_method_for_seri... (>= v1.2.6)
define_read_methods
delete (>= v2.2.1)
destroy
destroyed? (>= v2.3.8)
dup (>= v3.0.0)
encode_with (>= v3.1.0)
ensure_proper_type
eql?
evaluate_read_method
execute_callstack_for_multi...
extract_callstack_for_multi...
extract_max_param_for_multi... (>= v3.1.0)
find_parameter_position
freeze
frozen?
has_attribute?
hash
id
id=
id_before_type_cast (>= v2.1.0)
increment
increment!
initialize_copy (>= v3.0.0)
initialize_dup (>= v3.1.0)
init_with (>= v3.0.9)
inspect (>= v2.0.3)
instantiate_time_object (>= v2.0.3)
interpolate_and_sanitize_sql (>= v3.0.9)
interpolate_sanitized_sql (>= v3.0.9)
interpolate_sql
log_protected_attribute_rem... (>= v2.2.1)
mass_assignment_options (>= v3.1.0)
mass_assignment_role (>= v3.1.0)
method_missing
new_record?
object_from_yaml
populate_with_current_scope... (>= v3.0.9)
query_attribute
quote
quote_columns
quoted_column_names
quoted_comma_pair_list
quoted_id (>= v2.1.0)
quote_value (>= v1.2.6)
read_attribute
read_attribute_before_type_...
read_date_parameter_value (>= v3.1.0)
readonly! (>= v1.0.0)
readonly?
read_other_parameter_value (>= v3.1.0)
read_time_parameter_value (>= v3.1.0)
read_value_from_parameter (>= v3.1.0)
reload
remove_attributes_protected...
remove_readonly_attributes (>= v2.0.3)
respond_to?
save
save!
set_serialized_attributes (>= v3.1.0)
to_ary (>= v3.1.0)
toggle
toggle!
to_param
to_xml
to_yaml (>= v3.2.1)
type_cast_attribute_value
unserializable_attribute?
unserialize_attribute
update
update_attribute
update_attributes
update_attributes! (>= v1.2.6)
write_attribute
yaml_initialize (>= v3.2.1)

Icon_private_sm = private
Icon_protected_sm = protected

attr_protected(*attributes) public

Attributes named in this macro are protected from mass-assignment, such as new(attributes) and attributes=(attributes). Their assignment will simply be ignored. Instead, you can use the direct writer methods to do assignment. This is meant to protect sensitive attributes from being overwritten by URL/form hackers. Example:

  class Customer < ActiveRecord::Base
    attr_protected :credit_rating
  end

  customer = Customer.new("name" => David, "credit_rating" => "Excellent")
  customer.credit_rating # => nil
  customer.attributes = { "description" => "Jolly fellow", "credit_rating" => "Superb" }
  customer.credit_rating # => nil

  customer.credit_rating = "Average"
  customer.credit_rating # => "Average"

Show source

# File activerecord/lib/active_record/base.rb, line 510
      def attr_protected(*attributes)
        write_inheritable_array("attr_protected", attributes - (protected_attributes || []))
      end