diff options
| author | Jon Leighton <j@jonathanleighton.com> | 2011-12-28 15:38:16 +0000 |
|---|---|---|
| committer | Jon Leighton <j@jonathanleighton.com> | 2011-12-28 18:27:41 +0000 |
| commit | 93c1f11c0a5097a5431819a1551a02a869a16a38 (patch) | |
| tree | fd88de442e03a600df63387dc4b2389e9c861c7b /activemodel/lib/active_model/mass_assignment_security.rb | |
| parent | afe6e059ea216f01d160e4603116356b78df12e5 (diff) | |
| download | rails-93c1f11c0a5097a5431819a1551a02a869a16a38.tar.gz rails-93c1f11c0a5097a5431819a1551a02a869a16a38.tar.bz2 rails-93c1f11c0a5097a5431819a1551a02a869a16a38.zip | |
Support configuration on ActiveRecord::Model.
The problem: We need to be able to specify configuration in a way that
can be inherited to models that include ActiveRecord::Model. So it is
no longer sufficient to put 'top level' config on ActiveRecord::Base,
but we do want configuration specified on ActiveRecord::Base and
descendants to continue to work.
So we need something like class_attribute that can be defined on a
module but that is inherited when ActiveRecord::Model is included.
The solution: added ActiveModel::Configuration module which provides a
config_attribute macro. It's a bit specific hence I am not putting this
in Active Support or making it a 'public API' at present.
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security.rb')
| -rw-r--r-- | activemodel/lib/active_model/mass_assignment_security.rb | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb index c895968f77..9b12d9d281 100644 --- a/activemodel/lib/active_model/mass_assignment_security.rb +++ b/activemodel/lib/active_model/mass_assignment_security.rb @@ -10,11 +10,13 @@ module ActiveModel extend ActiveSupport::Concern included do - class_attribute :_accessible_attributes - class_attribute :_protected_attributes - class_attribute :_active_authorizer + extend ActiveModel::Configuration - class_attribute :_mass_assignment_sanitizer + config_attribute :_accessible_attributes + config_attribute :_protected_attributes + config_attribute :_active_authorizer + + config_attribute :_mass_assignment_sanitizer self.mass_assignment_sanitizer = :logger end @@ -56,7 +58,7 @@ module ActiveModel # You can specify your own sanitizer object eg. MySanitizer.new. # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for example implementation. # - # + # module ClassMethods # Attributes named in this macro are protected from mass-assignment # whenever attributes are sanitized before assignment. A role for the @@ -70,13 +72,13 @@ module ActiveModel # # class Customer # include ActiveModel::MassAssignmentSecurity - # + # # attr_accessor :name, :email, :logins_count - # + # # attr_protected :logins_count # # Suppose that admin can not change email for customer - # attr_protected :logins_count, :email, :as => :admin - # + # attr_protected :logins_count, :email, :as => :admin + # # def assign_attributes(values, options = {}) # sanitize_for_mass_assignment(values, options[:as]).each do |k, v| # send("#{k}=", v) @@ -99,7 +101,7 @@ module ActiveModel # customer.name # => "David" # customer.email # => nil # customer.logins_count # => nil - # + # # customer.email = "c@d.com" # customer.email # => "c@d.com" # |