Add docs explaining how to protect all attributes using attr_accessible with no arguments. Closes #9631 [boone, rmm5t]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8032 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

1 files changed, 17 insertions, 1 deletions

diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 48517d2ca8..386f4912e4 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -623,6 +623,8 @@ module ActiveRecord #:nodoc:
       #
       #   customer.credit_rating = "Average"
       #   customer.credit_rating # => "Average"
+      #
+      # To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.
       def attr_protected(*attributes)
         write_inheritable_array("attr_protected", attributes - (protected_attributes || []))
       end
@@ -634,7 +636,21 @@ module ActiveRecord #:nodoc:
 
       # If this macro is used, only those attributes named in it will be accessible for mass-assignment, such as
       # <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>. This is the more conservative choice for mass-assignment
-      # protection. If you'd rather start from an all-open default and restrict attributes as needed, have a look at
+      # protection.
+      #
+      # Example:
+      #
+      #   class Customer < ActiveRecord::Base
+      #     attr_accessible :phone, :email
+      #   end
+      #
+      # Passing an empty argument list protects all attributes:
+      #
+      #   class Product < ActiveRecord::Base
+      #     attr_accessible # none
+      #   end
+      #
+      # If you'd rather start from an all-open default and restrict attributes as needed, have a look at
       # attr_protected.
       def attr_accessible(*attributes)
         write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))