module ActiveModel::MassAssignmentSecurity
Active Model Mass-Assignment Security¶ ↑
Mass assignment security provides an interface for protecting attributes from end-user assignment. For more complex permissions, mass assignment security may be handled outside the model by extending a non-ActiveRecord class, such as a controller, with this behavior.
For example, a logged in user may need to assign additional attributes depending on their role:
class AccountsController < ApplicationController include ActiveModel::MassAssignmentSecurity attr_accessible :first_name, :last_name attr_accessible :first_name, :last_name, :plan_id, as: :admin def update ... @account.update_attributes(account_params) ... end protected def account_params role = admin ? :admin : :default sanitize_for_mass_assignment(params[:account], role) end end
Configuration options¶ ↑
-
mass_assignment_sanitizer
- Defines sanitize method. Possible values are:-
:logger
(default) - writes filtered attributes to logger -
:strict
- raiseActiveModel::MassAssignmentSecurity::Error
on any protected attribute update.
-
You can specify your own sanitizer object eg. MySanitizer.new
.
See ActiveModel::MassAssignmentSecurity::LoggerSanitizer
for
example implementation.