method

attr_protected

v2.3.8 - Show latest stable - 0 notes - Class: ActiveRecord::Base

1.0.0 (0)
1.1.6 (0)
1.2.6 (0)
2.0.3 (4)
2.1.0 (3)
2.2.1 (0)
2.3.8 (0)
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3
6.0.0
6.1.3.1
6.1.7.7
7.0.0
7.1.3.2
7.1.3.4
What's this?

Related methods

Class methods (218)
===
abstract_class?
accessible_attributes
active_connection_name (<= v2.1.0)
add_conditions!
add_group!
add_joins!
add_limit!
add_lock!
add_order!
aggregate_mapping
all
all_attributes_exists?
allow_concurrency
allow_concurrency=
arel_engine (>= v3.0.0)
arel_table (>= v3.0.0)
array_of_strings?
attr_accessible
attribute_condition
attribute_method? (>= v3.0.0)
attribute_names (>= v3.1.0)
attributes_protected_by_def... (>= v3.0.0)
attr_protected
attr_readonly
base_class
before_remove_const (>= v3.0.9)
benchmark
build_default_scope (>= v3.1.0)
class_name
class_name_of_active_record...
class_of_active_record_desc...
clear_active_connection_name (<= v2.1.0)
clear_active_connections! (>= v1.1.6)
clear_all_cached_connections! (<= v2.1.0)
clear_cache! (>= v1.1.6)
clear_connection_cache! (<= v1.0.0)
clear_reloadable_connections! (<= v2.1.0)
colorize_logging (>= v3.0.0)
colorize_logging= (>= v3.0.9)
column_defaults (>= v3.1.0)
column_methods_hash
column_names
columns
columns_hash
compute_table_name (>= v3.0.0)
compute_type
configurations (>= v3.0.9)
connected?
connection
connection= (<= v2.1.0)
connection_config (>= v3.1.0)
connection_handler (>= v3.0.9)
connection_id (>= v3.2.1)
connection_id= (>= v3.2.1)
connection_pool
construct_attributes_from_a...
construct_conditions_from_a... (<= v1.1.6)
construct_finder_arel (>= v3.0.0)
construct_finder_sql
content_columns
count (<= v1.0.0)
count_by_sql
create
current_scope (>= v3.1.0)
current_scope= (>= v3.1.0)
current_scoped_methods
decrement_counter
default_scope
default_select
default_timezone (>= v3.0.9)
define_attr_method
delete
delete_all
descends_from_active_record?
destroy
destroy_all
determine_deprecated_finder (<= v1.2.6)
determine_finder (<= v2.1.0)
determine_instantiator (<= v2.1.0)
encode_quoted_value
establish_connection
evaluate_default_scope (>= v3.1.0)
exists?
expand_attribute_names_for_...
expand_hash_conditions_for_...
expand_id_conditions
expand_range_bind_variables
extract_attribute_names_fro... (<= v2.1.0)
extract_options_from_args! (<= v1.0.0)
find
find_by_sql
finder_needs_type_condition?
find_every
find_from_ids
find_initial
find_last
find_one
find_some
find_sti_class (>= v3.0.0)
first
full_table_name_prefix
generated_feature_methods (>= v3.2.1)
get_primary_key
human_attribute_name
human_name
i18n_scope (>= v3.0.0)
ignore_default_scope= (>= v3.1.0)
ignore_default_scope? (>= v3.1.0)
increment_counter
inheritance_column
inheritance_column= (>= v3.0.9)
inherited
initialize_generated_modules (>= v3.2.1)
inspect
instantiate
last
log_connections (<= v2.1.0)
logger (>= v3.0.9)
lookup_ancestors (>= v3.0.0)
matches_dynamic_finder? (<= v2.1.0)
matches_dynamic_finder_with... (<= v2.1.0)
merge_conditions
merge_includes
merge_joins
method_missing
mysql2_connection (>= v3.1.0)
mysql_connection
new
parse_config! (<= v1.2.6)
parse_sqlite_config!
pluralize_table_names (>= v3.0.9)
postgresql_connection
primary_key
primary_key_prefix_type (>= v3.0.9)
protected_attributes
quote_bound_value
quoted_table_name
quote_value
raise_if_bind_arity_mismatch
read_methods (<= v1.0.0)
readonly_attributes
relation (>= v3.0.0)
remove_connection
remove_stale_cached_threads! (<= v2.1.0)
replace_bind_variables
replace_named_bind_variables
require_mysql (<= v2.1.0)
reset_column_information
reset_column_information_an...
reset_counters
reset_primary_key
reset_scoped_methods (>= v3.0.9)
reset_sequence_name
reset_subclasses
reset_table_name
respond_to?
retrieve_connection
reverse_sql_order
safe_to_array
sanitize
sanitize_conditions (>= v3.0.9)
sanitize_sql (>= v1.0.0)
sanitize_sql_array
sanitize_sql_for_assignment
sanitize_sql_for_conditions
sanitize_sql_hash (>= v1.2.6)
sanitize_sql_hash_for_assig...
sanitize_sql_hash_for_condi...
schema_format (>= v3.0.9)
scope
scoped?
scoped_methods
scoped_methods= (<= v1.0.0)
self_and_descendants_from_a...
self_and_descendents_from_a... (<= v2.2.1)
sequence_name
sequence_name= (>= v3.0.9)
serialize
serialized_attributes
set_inheritance_column
set_locking_column (<= v1.1.6)
set_primary_key
set_readonly_option!
set_sequence_name
set_table_name
silence
single_threaded_active_conn... (<= v2.1.0)
single_threaded_scoped_methods (<= v2.1.0)
sqlite3_connection
sqlite_connection
sti_name
subclasses
symbolized_base_class (>= v3.1.0)
symbolized_sti_name (>= v3.1.0)
table_exists?
table_name
table_name= (>= v3.0.9)
table_name_prefix (>= v3.0.9)
table_name_suffix (>= v3.0.9)
threaded_connections (<= v1.0.0)
threaded_connections= (<= v1.0.0)
thread_safe_active_connections (<= v2.1.0)
thread_safe_scoped_methods (<= v2.1.0)
timestamped_migrations (>= v3.0.9)
type_condition
type_name_with_module
undecorated_table_name
unscoped (>= v3.0.0)
update
update_all
update_counters
validate_find_options
verification_timeout
verification_timeout=
verify_active_connections! (<= v2.1.0)
with_exclusive_scope
with_scope
Instance methods (107)
<=> (>= v3.1.0)
==
[]
[]=
arel_attributes_values (>= v3.0.0)
assign_attributes
assign_multiparameter_attri...
attribute_for_inspect
attribute_names
attribute_present?
attributes
attributes=
attributes_before_type_cast
attributes_from_column_defi...
attributes_protected_by_def...
attributes_with_quotes
becomes
cache_key
clear_timestamp_attributes (>= v3.1.0)
clone
clone_attributes
clone_attribute_value
column_for_attribute
comma_pair_list
connection
convert_number_column_value
create
create_or_update
decrement
decrement!
define_question_method (<= v1.2.6)
define_read_method (<= v1.2.6)
define_read_method_for_seri... (<= v1.2.6)
define_read_methods (<= v1.2.6)
delete
destroy
destroyed?
dup (>= v3.0.0)
encode_with (>= v3.1.0)
ensure_proper_type
eql?
evaluate_read_method (<= v1.2.6)
execute_callstack_for_multi...
extract_callstack_for_multi...
extract_max_param_for_multi... (>= v3.1.0)
find_parameter_position
freeze
frozen?
has_attribute?
hash
id
id=
id_before_type_cast
increment
increment!
initialize_copy (>= v3.0.0)
initialize_dup (>= v3.1.0)
init_with (>= v3.0.9)
inspect
instantiate_time_object
interpolate_and_sanitize_sql (>= v3.0.9)
interpolate_sanitized_sql (>= v3.0.9)
interpolate_sql
log_protected_attribute_rem...
mass_assignment_options (>= v3.1.0)
mass_assignment_role (>= v3.1.0)
method_missing (<= v1.2.6)
new_record?
object_from_yaml
populate_with_current_scope... (>= v3.0.9)
query_attribute (<= v1.2.6)
quote (<= v1.2.6)
quote_columns
quoted_column_names
quoted_comma_pair_list
quoted_id
quote_value
read_attribute (<= v1.2.6)
read_attribute_before_type_... (<= v1.2.6)
read_date_parameter_value (>= v3.1.0)
readonly!
readonly?
read_other_parameter_value (>= v3.1.0)
read_time_parameter_value (>= v3.1.0)
read_value_from_parameter (>= v3.1.0)
reload
remove_attributes_protected...
remove_readonly_attributes
respond_to? (<= v1.2.6)
save
save!
set_serialized_attributes (>= v3.1.0)
to_ary (>= v3.1.0)
toggle
toggle!
to_param
to_xml (<= v1.1.6)
to_yaml (>= v3.2.1)
type_cast_attribute_value
unserializable_attribute? (<= v1.2.6)
unserialize_attribute (<= v1.2.6)
update
update_attribute
update_attributes
update_attributes!
write_attribute (<= v1.2.6)
yaml_initialize (>= v3.2.1)

Icon_private_sm = private
Icon_protected_sm = protected

attr_protected(*attributes) public

Attributes named in this macro are protected from mass-assignment, such as new(attributes), update_attributes(attributes), or attributes=(attributes).

Mass-assignment to these attributes will simply be ignored, to assign to them you can use direct writer methods. This is meant to protect sensitive attributes from being overwritten by malicious users tampering with URLs or forms.

  class Customer < ActiveRecord::Base
    attr_protected :credit_rating
  end

  customer = Customer.new("name" => David, "credit_rating" => "Excellent")
  customer.credit_rating # => nil
  customer.attributes = { "description" => "Jolly fellow", "credit_rating" => "Superb" }
  customer.credit_rating # => nil

  customer.credit_rating = "Average"
  customer.credit_rating # => "Average"

To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.

Show source

# File activerecord/lib/active_record/base.rb, line 1050
      def attr_protected(*attributes)
        write_inheritable_attribute(:attr_protected, Set.new(attributes.map(&:to_s)) + (protected_attributes || []))
      end