diff options
author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-04-25 23:56:06 +0200 |
---|---|---|
committer | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-04-25 23:57:09 +0200 |
commit | f9d5a7bb8c5d224f689dafb4ff641e2ced244f03 (patch) | |
tree | 80204955bb82e9f972606514da2710796628225d /activerecord/lib/active_record/base.rb | |
parent | 873c13fc0ddc35e64a6b3abc8bde9721bd12b6b7 (diff) | |
download | rails-f9d5a7bb8c5d224f689dafb4ff641e2ced244f03.tar.gz rails-f9d5a7bb8c5d224f689dafb4ff641e2ced244f03.tar.bz2 rails-f9d5a7bb8c5d224f689dafb4ff641e2ced244f03.zip |
deprecated the use of the guard_protected_attributes argument with attributes= in AR in favor of assign_attributes(attrs, :without_protection => true)
Diffstat (limited to 'activerecord/lib/active_record/base.rb')
-rw-r--r-- | activerecord/lib/active_record/base.rb | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 4512e8c8ad..04c12f86b6 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -1621,11 +1621,11 @@ end # Allows you to set all the attributes at once by passing in a hash with keys # matching the attribute names (which again matches the column names). # - # If +guard_protected_attributes+ is true (the default), then sensitive - # attributes can be protected from this form of mass-assignment by using - # the +attr_protected+ macro. Or you can alternatively specify which - # attributes *can* be accessed with the +attr_accessible+ macro. Then all the - # attributes not included in that won't be allowed to be mass-assigned. + # If any attributes are protected by either +attr_protected+ or + # +attr_accessible+ then only settable attributes will be assigned. + # + # The +guard_protected_attributes+ argument is now deprecated, use + # the +assign_attributes+ method if you want to bypass mass-assignment security. # # class User < ActiveRecord::Base # attr_protected :is_admin @@ -1635,11 +1635,16 @@ end # user.attributes = { :username => 'Phusion', :is_admin => true } # user.username # => "Phusion" # user.is_admin? # => false - # - # user.send(:attributes=, { :username => 'Phusion', :is_admin => true }, false) - # user.is_admin? # => true - def attributes=(new_attributes, guard_protected_attributes = true) + def attributes=(new_attributes, guard_protected_attributes = nil) + unless guard_protected_attributes.nil? + message = "the use of 'guard_protected_attributes' will be removed from the next major release of rails, " + + "if you want to bypass mass-assignment security then look into using assign_attributes" + ActiveSupport::Deprecation.warn(message) + end + return unless new_attributes.is_a?(Hash) + + guard_protected_attributes ||= true if guard_protected_attributes assign_attributes(new_attributes) else |