author | Michael Koziarski <michael@koziarski.com> | 2012-03-05 11:12:01 +1300 |
---|---|---|
committer | Michael Koziarski <michael@koziarski.com> | 2012-03-05 11:12:01 +1300 |
commit | 06a3a8a458e70c1b6531ac53c57a302b162fd736 (patch) | |
tree | 2580b09e645f4e34945a13db836970dc94e6981d /activerecord | |
parent | 864d755177d6cb9c46a64c6d55e7c48122f1d453 (diff) | |
Whitelist all attribute assignment by default.
Change the default for newly generated applications to whitelist all attribute assignment. Also update the generated model classes so users are reminded of the importance of attr_accessible.
Diffstat (limited to 'activerecord')
-rw-r--r-- | activerecord/lib/rails/generators/active_record/model/model_generator.rb | 4 | ||||
-rw-r--r-- | activerecord/lib/rails/generators/active_record/model/templates/model.rb | 5 |
2 files changed, 9 insertions, 0 deletions
diff --git a/activerecord/lib/rails/generators/active_record/model/model_generator.rb b/activerecord/lib/rails/generators/active_record/model/model_generator.rb index 99a022461e..f3bb70fb41 100644 --- a/activerecord/lib/rails/generators/active_record/model/model_generator.rb +++ b/activerecord/lib/rails/generators/active_record/model/model_generator.rb @@ -30,6 +30,10 @@ module ActiveRecord attributes.select { |a| a.has_index? || (a.reference? && options[:indexes]) } end + def accessible_attributes + attributes.reject(&:reference?) + end + hook_for :test_framework protected diff --git a/activerecord/lib/rails/generators/active_record/model/templates/model.rb b/activerecord/lib/rails/generators/active_record/model/templates/model.rb index 5c47f8b241..d56f9f57a4 100644 --- a/activerecord/lib/rails/generators/active_record/model/templates/model.rb +++ b/activerecord/lib/rails/generators/active_record/model/templates/model.rb @@ -3,5 +3,10 @@ class <%= class_name %> < <%= parent_class_name.classify %> <% attributes.select {|attr| attr.reference? }.each do |attribute| -%> belongs_to :<%= attribute.name %> <% end -%> +<% if !accessible_attributes.empty? -%> + attr_accessible <%= accessible_attributes.map {|a| ":#{a.name}" }.sort.join(', ') %> +<% else -%> + # attr_accessible :title, :body +<% end -%> end <% end -%> |
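Review bot: `accessible_attributes` filters only on `reference?`, so whether a foreign key stays out of the generated `attr_accessible` list depends on how the column was typed on the command line. If `reference?` is true only for the `references`/`belongs_to` types (its definition is outside this hunk, so confirm), a key passed as `user_id:integer` lands in the whitelist and the association can be reassigned through mass assignment. A comment on the method would make that limit visible, e.g. `# Excludes only attributes declared as references; a foreign key typed as integer is still whitelisted.` The method also sits above `protected`, next to `attributes_with_index`, so it is public on the generator class, whose definition starts outside the hunk.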
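Review bot: The generated `attr_accessible` line lists every non-reference attribute given to the generator, so a privilege-bearing column such as an `admin` or `role` flag is whitelisted for mass assignment as soon as the model is generated, with nothing in the file asking for a review. Emitting a comment above the list would carry the reminder from the commit message into the generated model, e.g. `  # Review this list: every attribute named here can be set through mass assignment.` In the `else` branch the placeholder `# attr_accessible :title, :body` names attributes the model does not have, so a short line saying the names are examples would avoid confusion. The `class` line and the final `<% end -%>` belong to a block that opens above the hunk.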