diff options
| author | David Heinemeier Hansson <david@loudthinking.com> | 2011-05-01 16:59:33 -0700 |
|---|---|---|
| committer | David Heinemeier Hansson <david@loudthinking.com> | 2011-05-01 16:59:33 -0700 |
| commit | a8861c8f5b57ea653e1518325a686fd97995aef4 (patch) | |
| tree | a0d348d1b99ec15c6601d6f47a5a84365e06e93d /activerecord/lib/active_record/base.rb | |
| parent | 32ef3ccaa6beae4ef73969f51d5159f4cc4d9ff7 (diff) | |
| parent | 86d7ed33754f80690395309dd307c6d9ecc0022f (diff) | |
| download | rails-a8861c8f5b57ea653e1518325a686fd97995aef4.tar.gz rails-a8861c8f5b57ea653e1518325a686fd97995aef4.tar.bz2 rails-a8861c8f5b57ea653e1518325a686fd97995aef4.zip | |
Merge pull request #357 from joshk/assign_attributes.
Assign protected attributes with create/new and control the role.
Diffstat (limited to 'activerecord/lib/active_record/base.rb')
| -rw-r--r-- | activerecord/lib/active_record/base.rb | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 8d17e3e2c6..1919ceb158 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -475,10 +475,19 @@ module ActiveRecord #:nodoc: # The +attributes+ parameter can be either be a Hash or an Array of Hashes. These Hashes describe the # attributes on the objects that are to be created. # + # +create+ respects mass-assignment security and accepts either +:as+ or +:without_protection+ options + # in the +options+ parameter. + # # ==== Examples # # Create a single new object # User.create(:first_name => 'Jamie') # + # # Create a single new object using the :admin mass-assignment security scope + # User.create({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) + # + # # Create a single new object bypassing mass-assignment security + # User.create({ :first_name => 'Jamie', :is_admin => true }, :without_protection => true) + # # # Create an Array of new objects # User.create([{ :first_name => 'Jamie' }, { :first_name => 'Jeremy' }]) # @@ -491,11 +500,11 @@ module ActiveRecord #:nodoc: # User.create([{ :first_name => 'Jamie' }, { :first_name => 'Jeremy' }]) do |u| # u.is_admin = false # end - def create(attributes = nil, &block) + def create(attributes = nil, options = {}, &block) if attributes.is_a?(Array) - attributes.collect { |attr| create(attr, &block) } + attributes.collect { |attr| create(attr, options, &block) } else - object = new(attributes) + object = new(attributes, options) yield(object) if block_given? object.save object @@ -1465,7 +1474,20 @@ MSG # attributes but not yet saved (pass a hash with key names matching the associated table column names). # In both instances, valid attribute keys are determined by the column names of the associated table -- # hence you can't have attributes that aren't part of the table columns. - def initialize(attributes = nil) + # + # +initialize+ respects mass-assignment security and accepts either +:as+ or +:without_protection+ options + # in the +options+ parameter. + # + # ==== Examples + # # Instantiates a single new object + # User.new(:first_name => 'Jamie') + # + # # Instantiates a single new object using the :admin mass-assignment security scope + # User.new({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) + # + # # Instantiates a single new object bypassing mass-assignment security + # User.new({ :first_name => 'Jamie', :is_admin => true }, :without_protection => true) + def initialize(attributes = nil, options = {}) @attributes = attributes_from_column_definition @association_cache = {} @aggregation_cache = {} @@ -1481,7 +1503,8 @@ MSG set_serialized_attributes populate_with_current_scope_attributes - self.attributes = attributes unless attributes.nil? + + assign_attributes(attributes, options) if attributes result = yield self if block_given? run_callbacks :initialize |