diff options
| author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-05-08 16:42:00 +0200 |
|---|---|---|
| committer | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-05-08 16:43:29 +0200 |
| commit | b2451f4a7fa4fe20dff278edd33fe8a4b1d65be7 (patch) | |
| tree | 305ee339919672e28c9937b76420300de7221b0f /activerecord/lib | |
| parent | 9727dd1e385aaa188a198d86102a840ebcc625e8 (diff) | |
| download | rails-b2451f4a7fa4fe20dff278edd33fe8a4b1d65be7.tar.gz rails-b2451f4a7fa4fe20dff278edd33fe8a4b1d65be7.tar.bz2 rails-b2451f4a7fa4fe20dff278edd33fe8a4b1d65be7.zip | |
renamed mass-assignment scopes to roles, updated code, tests, docs and security guide
Diffstat (limited to 'activerecord/lib')
| -rw-r--r-- | activerecord/lib/active_record/base.rb | 12 | ||||
| -rw-r--r-- | activerecord/lib/active_record/persistence.rb | 2 |
2 files changed, 7 insertions, 7 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 78318b1be0..67af21c9a0 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -482,7 +482,7 @@ module ActiveRecord #:nodoc: # # Create a single new object # User.create(:first_name => 'Jamie') # - # # Create a single new object using the :admin mass-assignment security scope + # # Create a single new object using the :admin mass-assignment security role # User.create({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) # # # Create a single new object bypassing mass-assignment security @@ -1486,7 +1486,7 @@ MSG # # Instantiates a single new object # User.new(:first_name => 'Jamie') # - # # Instantiates a single new object using the :admin mass-assignment security scope + # # Instantiates a single new object using the :admin mass-assignment security role # User.new({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) # # # Instantiates a single new object bypassing mass-assignment security @@ -1661,8 +1661,8 @@ MSG end # Allows you to set all the attributes for a particular mass-assignment - # security scope by passing in a hash of attributes with keys matching - # the attribute names (which again matches the column names) and the scope + # security role by passing in a hash of attributes with keys matching + # the attribute names (which again matches the column names) and the role # name using the :as option. # # To bypass mass-assignment security you can use the :without_protection => true @@ -1689,12 +1689,12 @@ MSG # user.is_admin? # => true def assign_attributes(new_attributes, options = {}) attributes = new_attributes.stringify_keys - scope = options[:as] || :default + role = options[:as] || :default multi_parameter_attributes = [] unless options[:without_protection] - attributes = sanitize_for_mass_assignment(attributes, scope) + attributes = sanitize_for_mass_assignment(attributes, role) end attributes.each do |k, v| diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index b4531ed35f..b9041f44d8 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -146,7 +146,7 @@ module ActiveRecord # will fail and false will be returned. # # When updating model attributes, mass-assignment security protection is respected. - # If no +:as+ option is supplied then the +:default+ scope will be used. + # If no +:as+ option is supplied then the +:default+ role will be used. # If you want to bypass the protection given by +attr_protected+ and # +attr_accessible+ then you can do so using the +:without_protection+ option. def update_attributes(attributes, options = {}) |