diff options
| author | José Valim <jose.valim@gmail.com> | 2011-05-31 03:09:23 -0700 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2011-05-31 03:09:23 -0700 |
| commit | 16384351526bc5c4d064d6f4c720b8641acf125c (patch) | |
| tree | 8bcaceb86f1db83b1ba9057fff426b8b6cf27a17 /activemodel/lib/active_model/mass_assignment_security.rb | |
| parent | 752dec941e3dbceb8c7298adba10c2c776752a64 (diff) | |
| parent | aa2639e746d8af5d7673bbbbbccbe868edeb0161 (diff) | |
| download | rails-16384351526bc5c4d064d6f4c720b8641acf125c.tar.gz rails-16384351526bc5c4d064d6f4c720b8641acf125c.tar.bz2 rails-16384351526bc5c4d064d6f4c720b8641acf125c.zip | |
Merge pull request #1403 from bogdan/config
ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer method
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security.rb')
| -rw-r--r-- | activemodel/lib/active_model/mass_assignment_security.rb | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb index cc30609f2b..e3c9097646 100644 --- a/activemodel/lib/active_model/mass_assignment_security.rb +++ b/activemodel/lib/active_model/mass_assignment_security.rb @@ -11,7 +11,13 @@ module ActiveModel class_attribute :_accessible_attributes class_attribute :_protected_attributes class_attribute :_active_authorizer - class_attribute :mass_assignment_sanitizer + + class_attribute :mass_assignment_sanitizer, :mass_assignment_sanitizers + self.mass_assignment_sanitizer = :logger + self.mass_assignment_sanitizers = { + :logger => LoggerSanitizer.new(self.respond_to?(:logger) && self.logger), + :strict => StrictSanitizer.new + } end # Mass assignment security provides an interface for protecting attributes @@ -43,6 +49,16 @@ module ActiveModel # # end # + # = Configuration options + # + # * <tt>mass_assignment_sanitizer</tt> - Defines sanitize method. Possible values are: + # * <tt>:logger</tt> (default) - writes filtered attributes to logger + # * <tt>:strict</tt> - raise <tt>ActiveModel::MassAssignmentSecurity::Error</tt> on any protected attribute update + # + # You can specify your own sanitizer object eg. MySanitizer.new. + # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for example implementation. + # + # module ClassMethods # Attributes named in this macro are protected from mass-assignment # whenever attributes are sanitized before assignment. A role for the @@ -199,11 +215,13 @@ module ActiveModel protected def sanitize_for_mass_assignment(attributes, role = :default) - (mass_assignment_sanitizer || default_mass_assignment_sanitizer).sanitize(attributes, mass_assignment_authorizer(role)) - end - - def default_mass_assignment_sanitizer - DefaultSanitizer.new(self.respond_to?(:logger) && self.logger) + sanitizer = case mass_assignment_sanitizer + when Symbol + self.mass_assignment_sanitizers[mass_assignment_sanitizer] + else + mass_assignment_sanitizer + end + sanitizer.sanitize(attributes, mass_assignment_authorizer(role)) end def mass_assignment_authorizer(role = :default) |