module ActiveRecord::MassAssignmentSecurity::AttributeAssignment

Public Instance Methods

assign_attributes(new_attributes, options = {}) click to toggle source

Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.

To bypass mass-assignment security you can use the :without_protection => true option.

class User < ActiveRecord::Base
  attr_accessible :name
  attr_accessible :name, :is_admin, :as => :admin
end

user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true })
user.name       # => "Josh"
user.is_admin?  # => false

user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
user.name       # => "Josh"
user.is_admin?  # => true

user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
user.name       # => "Josh"
user.is_admin?  # => true
# File lib/active_record/mass_assignment_security/attribute_assignment.rb, line 48
def assign_attributes(new_attributes, options = {})
  return if new_attributes.blank?

  attributes                  = new_attributes.stringify_keys
  multi_parameter_attributes  = []
  nested_parameter_attributes = []
  previous_options            = @mass_assignment_options
  @mass_assignment_options    = options

  unless options[:without_protection]
    attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role)
  end

  attributes.each do |k, v|
    if k.include?("(")
      multi_parameter_attributes << [ k, v ]
    elsif v.is_a?(Hash)
      nested_parameter_attributes << [ k, v ]
    else
      _assign_attribute(k, v)
    end
  end

  assign_nested_parameter_attributes(nested_parameter_attributes) unless nested_parameter_attributes.empty?
  assign_multiparameter_attributes(multi_parameter_attributes) unless multi_parameter_attributes.empty?
ensure
  @mass_assignment_options = previous_options
end

Protected Instance Methods

mass_assignment_options() click to toggle source
# File lib/active_record/mass_assignment_security/attribute_assignment.rb, line 79
def mass_assignment_options
  @mass_assignment_options ||= {}
end
mass_assignment_role() click to toggle source
# File lib/active_record/mass_assignment_security/attribute_assignment.rb, line 83
def mass_assignment_role
  mass_assignment_options[:as] || :default
end