aboutsummaryrefslogblamecommitdiffstats
path: root/activemodel/lib/active_model/forbidden_attributes_protection.rb
blob: 4b37f80c521d29404b7f8c90c93ad9c568063ccc (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

                             
                  











                                                                  
                                                

     
                                                
           
                                                  


                                                                               


                    
         
                                                                        

     
# frozen_string_literal: true

module ActiveModel
  # Raised when forbidden attributes are used for mass assignment.
  #
  #   class Person < ActiveRecord::Base
  #   end
  #
  #   params = ActionController::Parameters.new(name: 'Bob')
  #   Person.new(params)
  #   # => ActiveModel::ForbiddenAttributesError
  #
  #   params.permit!
  #   Person.new(params)
  #   # => #<Person id: nil, name: "Bob">
  class ForbiddenAttributesError < StandardError
  end

  module ForbiddenAttributesProtection # :nodoc:
    private
      def sanitize_for_mass_assignment(attributes)
        if attributes.respond_to?(:permitted?)
          raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
          attributes.to_h
        else
          attributes
        end
      end
      alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
  end
end