author | Marcel Molina <marcel@vernix.org> | 2007-11-06 23:50:23 +0000 |
---|---|---|
committer | Marcel Molina <marcel@vernix.org> | 2007-11-06 23:50:23 +0000 |
commit | f770b829f4b363888b1af4bc7059bc45637a7ba2 (patch) | |
tree | ac1bbef57e495d3cc5f5f4400a1aad025f687cb3 | |
parent | 94502623fb8354ba0c88b9d1bc94bf940e0d5018 (diff) | |
Enhance explanation with more examples for attr_accessible macro. Closes #8095 [fearoffish, Marcel Molina]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8107 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-rw-r--r-- | activerecord/CHANGELOG | 2 | ||||
-rwxr-xr-x | activerecord/lib/active_record/base.rb | 31 |
2 files changed, 21 insertions, 12 deletions
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index 38547843db..072ca352e6 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Enhance explanation with more examples for attr_accessible macro. Closes #8095 [fearoffish, Marcel Molina]
+
 * Update association/method mapping table to refected latest collection methods for has_many :through. Closes #8772 [lifofifo]
 
 * Explain semantics of having several different AR instances in a transaction block. Closes #9036 [jacobat, Marcel Molina]
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 20c1f862b2..d7f0c4812b 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -645,24 +645,31 @@ module ActiveRecord #:nodoc:
 read_inheritable_attribute("attr_protected")
 end
 
- # If this macro is used, only those attributes named in it will be accessible for mass-assignment, such as
- # <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>. This is the more conservative choice for mass-assignment
- # protection.
+ # Similar to the attr_protected macro, this protects attributes of your model from mass-assignment,
+ # such as <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>
+ # however, it does it in the opposite way. This locks all attributes and only allows access to the
+ # attributes specified. Assignment to attributes not in this list will be ignored and need to be set
+ # using the direct writer methods instead. This is meant to protect sensitive attributes from being
+ # overwritten by URL/form hackers. If you'd rather start from an all-open default and restrict
+ # attributes as needed, have a look at attr_protected.
+ #
+ # ==== Options
 #
- # Example:
+ # <tt>*attributes</tt> A comma separated list of symbols that represent columns _not_ to be protected
+ #
+ # ==== Examples
 #
 # class Customer < ActiveRecord::Base
- # attr_accessible :phone, :email
+ # attr_accessible :name, :nickname
 # end
 #
- # Passing an empty argument list protects all attributes:
- #
- # class Product < ActiveRecord::Base
- # attr_accessible # none
- # end
+ # customer = Customer.new(:name => "David", :nickname => "Dave", :credit_rating => "Excellent")
+ # customer.credit_rating # => nil
+ # customer.attributes = { :name => "Jolly fellow", :credit_rating => "Superb" }
+ # customer.credit_rating # => nil
 #
- # If you'd rather start from an all-open default and restrict attributes as needed, have a look at
- # attr_protected.
+ # customer.credit_rating = "Average"
+ # customer.credit_rating # => "Average"
 def attr_accessible(*attributes)
 write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))
 end
|
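Review bot: The rewritten comment above `attr_accessible` drops two statements from the old text that readers rely on for mass-assignment safety: that the allow-list is the more conservative choice, and that calling the macro with an empty argument list protects every attribute. I would keep both, for example `# Passing an empty argument list protects all attributes.` after the Options entry, assuming that behaviour still holds, since the code that enforces the list is outside this hunk. The examples show rejected keys coming back as `nil`, so it is worth saying outright that they are dropped silently with no error raised, and that the direct writers bypass the list and should only receive values the application has checked. The first paragraph also runs two sentences together: `<tt>attributes=(attributes)</tt>` needs a full stop before `however`, and "will be ignored and need to be set" should read "will be ignored; those attributes need to be set".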