module ActiveRecord::MassAssignmentSecurity::AttributeAssignment
Public Instance Methods
assign_attributes(new_attributes, options = {})
click to toggle source
Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.
To bypass mass-assignment security you can use the :without_protection => true option.
class User < ActiveRecord::Base attr_accessible :name attr_accessible :name, :is_admin, :as => :admin end user = User.new user.assign_attributes({ :name => 'Josh', :is_admin => true }) user.name # => "Josh" user.is_admin? # => false user = User.new user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin) user.name # => "Josh" user.is_admin? # => true user = User.new user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true) user.name # => "Josh" user.is_admin? # => true
# File lib/active_record/mass_assignment_security/attribute_assignment.rb, line 48 def assign_attributes(new_attributes, options = {}) return if new_attributes.blank? attributes = new_attributes.stringify_keys multi_parameter_attributes = [] nested_parameter_attributes = [] previous_options = @mass_assignment_options @mass_assignment_options = options unless options[:without_protection] attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role) end attributes.each do |k, v| if k.include?("(") multi_parameter_attributes << [ k, v ] elsif v.is_a?(Hash) nested_parameter_attributes << [ k, v ] else _assign_attribute(k, v) end end assign_nested_parameter_attributes(nested_parameter_attributes) unless nested_parameter_attributes.empty? assign_multiparameter_attributes(multi_parameter_attributes) unless multi_parameter_attributes.empty? ensure @mass_assignment_options = previous_options end
Protected Instance Methods
mass_assignment_options()
click to toggle source
# File lib/active_record/mass_assignment_security/attribute_assignment.rb, line 79 def mass_assignment_options @mass_assignment_options ||= {} end
mass_assignment_role()
click to toggle source
# File lib/active_record/mass_assignment_security/attribute_assignment.rb, line 83 def mass_assignment_role mass_assignment_options[:as] || :default end