author | David Heinemeier Hansson <david@loudthinking.com> | 2011-04-24 20:33:33 -0500 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2011-04-24 20:33:33 -0500 |
commit | b306502286be1ea430a824edc2f1434bf4a86389 (patch) | |
tree | 057fb2ecc0382f05aff1947dc8be559cfb19de2a /activerecord/lib | |
parent | 8d7efe6a4e25b8707d46006cf20f6ce499e83780 (diff) | |
parent | bf40c729c6930ffc711760948701e5edf3edb25b (diff) | |
Merge branch 'master' of github.com:rails/rails
Diffstat (limited to 'activerecord/lib')
-rw-r--r-- | activerecord/lib/active_record/base.rb | 41 | ||||
-rw-r--r-- | activerecord/lib/active_record/railtie.rb | 3 |
2 files changed, 43 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 9a01d793f9..4512e8c8ad 100644
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -1640,10 +1640,49 @@ end
 # user.is_admin? # => true
 def attributes=(new_attributes, guard_protected_attributes = true)
 return unless new_attributes.is_a?(Hash)
+ if guard_protected_attributes
+ assign_attributes(new_attributes)
+ else
+ assign_attributes(new_attributes, :without_protection => true)
+ end
+ end
+
+ # Allows you to set all the attributes for a particular mass-assignment
+ # security scope by passing in a hash of attributes with keys matching
+ # the attribute names (which again matches the column names) and the scope
+ # name using the :as option.
+ #
+ # To bypass mass-assignment security you can use the :without_protection => true
+ # option.
+ #
+ # class User < ActiveRecord::Base
+ # attr_accessible :name
+ # attr_accessible :name, :is_admin, :as => :admin
+ # end
+ #
+ # user = User.new
+ # user.assign_attributes({ :name => 'Josh', :is_admin => true })
+ # user.name # => "Josh"
+ # user.is_admin? # => false
+ #
+ # user = User.new
+ # user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
+ # user.name # => "Josh"
+ # user.is_admin? # => true
+ #
+ # user = User.new
+ # user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
+ # user.name # => "Josh"
+ # user.is_admin? # => true
+ def assign_attributes(new_attributes, options = {})
 attributes = new_attributes.stringify_keys
+ scope = options[:as] || :default
 multi_parameter_attributes = []
- attributes = sanitize_for_mass_assignment(attributes) if guard_protected_attributes
+
+ unless options[:without_protection]
+ attributes = sanitize_for_mass_assignment(attributes, scope)
+ end
 attributes.each do |k, v|
 if k.include?("(")
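Review bot: `assign_attributes` calls `new_attributes.stringify_keys` with no type check, so the guard that `attributes=` keeps (`return unless new_attributes.is_a?(Hash)`) does not cover callers that use the new public method directly; a nil or other non-Hash argument would most likely raise there instead of being ignored. Repeating the guard as the first line of `assign_attributes`, `return unless new_attributes.is_a?(Hash)`, keeps the two entry points consistent. The added doc comment should also state that `:as` and `:without_protection` are to be chosen by application code and never copied from request parameters, since either option widens what a submitted hash is allowed to set, and that `:without_protection => true` skips sanitizing regardless of `:as`. The body of `assign_attributes` continues past the end of the hunk.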
diff --git a/activerecord/lib/active_record/railtie.rb b/activerecord/lib/active_record/railtie.rb
index cace6f0cc0..d38588519b 100644
--- a/activerecord/lib/active_record/railtie.rb
+++ b/activerecord/lib/active_record/railtie.rb
@@ -50,6 +50,9 @@ module ActiveRecord
 initializer "active_record.set_configs" do |app|
 ActiveSupport.on_load(:active_record) do
+ if app.config.active_record.delete(:whitelist_attributes)
+ attr_accessible(nil)
+ end
 app.config.active_record.each do |k,v|
 send "#{k}=", v
 end |
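Review bot: `attr_accessible(nil)` inside the `active_record.set_configs` initializer is an idiom whose effect cannot be read from the call, and the hunk adds no comment for it. A line above the `if` such as `# whitelist mode: give every model an empty attr_accessible list, so nothing is mass-assignable until declared` would state the intent; that reading of the nil argument is inferred and should be confirmed against `attr_accessible`. The same comment could note that `delete` removes `:whitelist_attributes` before the `each` loop, so the key is never sent as a setter, and that the protection stays off whenever the key is absent or false. The enclosing `initializer` and `on_load` blocks are closed outside the hunk.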