attr_protected

v3.0.9 - Class: ActiveModel::MassAssignmentSecurity::ClassMethods
attr_protected(*names) public

Attributes named in this macro are protected from mass-assignment whenever attributes are sanitized before assignment.

Mass-assignment to these attributes will simply be ignored. To assign to them, use direct writer methods. This is meant to protect sensitive attributes from being overwritten by malicious users tampering with URLs or forms.

Example

class Customer
  include ActiveModel::MassAssignmentSecurity

  attr_accessor :name, :credit_rating
  attr_protected :credit_rating

  def attributes=(values)
    sanitize_for_mass_assignment(values).each do |k, v|
      send("#{k}=", v)
    end
  end
end

customer = Customer.new
customer.attributes = { "name" => "David", "credit_rating" => "Excellent" }
customer.name          # => "David"
customer.credit_rating # => nil

customer.credit_rating = "Average"
customer.credit_rating # => "Average"

To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.

Note that using Hash#except or Hash#slice in place of attr_protected to sanitize attributes won’t provide sufficient protection.
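The difference between the deny-list behaviour of attr_protected and the all-closed default of attr_accessible, as an added example that is not part of the original documentation. TinyModel, protect, permit and the account_manager attribute are hypothetical names for a simplified stand-in that runs without Rails; it is not ActiveModel's sanitizer.

```ruby
# Simplified stand-in for mass-assignment sanitizing (assumption, not ActiveModel code).
class TinyModel
  class << self
    attr_reader :policy

    # Deny-list semantics, like attr_protected: everything passes except these.
    def protect(*names)
      @policy = [:deny, names.map(&:to_s)]
    end

    # Allow-list semantics, like attr_accessible: nothing passes except these.
    def permit(*names)
      @policy = [:allow, names.map(&:to_s)]
    end
  end

  def attributes=(values)
    mode, names = self.class.policy
    values.each do |key, value|
      listed = names.include?(key.to_s) # compare as strings; keys may be symbols
      skip = (mode == :deny) ? listed : !listed
      send("#{key}=", value) unless skip
    end
  end
end

class DenyListCustomer < TinyModel
  attr_accessor :name, :credit_rating, :account_manager # account_manager added later
  protect :credit_rating                                # but the list was not updated
end

class AllowListCustomer < TinyModel
  attr_accessor :name, :credit_rating, :account_manager
  permit :name
end

# Constructed request parameters carrying fields the form never offered.
PARAMS = { "name" => "David", "credit_rating" => "Excellent", "account_manager" => "true" }

def assign(klass)
  customer = klass.new
  customer.attributes = PARAMS
  [customer.name, customer.credit_rating, customer.account_manager]
end

p assign(DenyListCustomer)  # => ["David", nil, "true"]
p assign(AllowListCustomer) # => ["David", nil, nil]
```

With the deny list, an attribute added after the list was written stays mass-assignable until someone remembers to protect it; with the allow list it stays closed by default.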
