authorMichael Koziarski <michael@koziarski.com>2012-03-05 11:12:01 +1300
committerMichael Koziarski <michael@koziarski.com>2012-03-05 11:25:25 +1300
commit641a4f62405cc2765424320932902ed8076b5d38 (patch)
treec577b8d05d015f19a031a10bfce6ecb5dbccbadb /activerecord
parentc8f6025fd37c7b5c8922b11eb5ceba22e4650b59 (diff)
downloadrails-641a4f62405cc2765424320932902ed8076b5d38.tar.gz
rails-641a4f62405cc2765424320932902ed8076b5d38.tar.bz2
rails-641a4f62405cc2765424320932902ed8076b5d38.zip
Whitelist all attribute assignment by default.
Change the default for newly generated applications to whitelist all attribute assignment. Also update the generated model classes so users are reminded of the importance of attr_accessible.
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/lib/rails/generators/active_record/model/model_generator.rb4
-rw-r--r--activerecord/lib/rails/generators/active_record/model/templates/model.rb5
2 files changed, 9 insertions, 0 deletions
diff --git a/activerecord/lib/rails/generators/active_record/model/model_generator.rb b/activerecord/lib/rails/generators/active_record/model/model_generator.rb
index 99a022461e..f3bb70fb41 100644
--- a/activerecord/lib/rails/generators/active_record/model/model_generator.rb
+++ b/activerecord/lib/rails/generators/active_record/model/model_generator.rb
@@ -30,6 +30,10 @@ module ActiveRecord
attributes.select { |a| a.has_index? || (a.reference? && options[:indexes]) }
end
+ def accessible_attributes
+ attributes.reject(&:reference?)
+ end
+
hook_for :test_framework
protected
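Review bot: `accessible_attributes` filters only on `reference?`, so any column passed to the generator with a plain type ends up in the generated `attr_accessible` list; that presumably includes a hand-written foreign key such as `user_id:integer` or a privilege flag such as `admin:boolean`. A comment above the method would make that limit explicit, for example `# Attributes the model template whitelists; only reference columns are dropped, so sensitive columns must be removed from the generated list by hand.` The method is also public; if this class follows the usual generator convention of running public methods as steps, it may belong below `protected`. The enclosing class starts and ends outside the hunk, so that cannot be confirmed here.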
diff --git a/activerecord/lib/rails/generators/active_record/model/templates/model.rb b/activerecord/lib/rails/generators/active_record/model/templates/model.rb
index 5c47f8b241..d56f9f57a4 100644
--- a/activerecord/lib/rails/generators/active_record/model/templates/model.rb
+++ b/activerecord/lib/rails/generators/active_record/model/templates/model.rb
@@ -3,5 +3,10 @@ class <%= class_name %> < <%= parent_class_name.classify %>
<% attributes.select {|attr| attr.reference? }.each do |attribute| -%>
belongs_to :<%= attribute.name %>
<% end -%>
+<% if !accessible_attributes.empty? -%>
+ attr_accessible <%= accessible_attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>
+<% else -%>
+ # attr_accessible :title, :body
+<% end -%>
end
<% end -%>
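Review bot: In the `else` branch the template writes only a commented-out example, so a model generated without any non-reference attribute carries no active whitelist and depends entirely on the application-level default, which this diff (limited to activerecord) does not show. An application without that setting would get a model whose attributes are all mass-assignable. Consider emitting an empty whitelist instead, e.g. `attr_accessible # list the attributes that may be set from request params`, after confirming that the argument-less call protects every attribute. As a style point, `<% if accessible_attributes.any? -%>` reads more directly than `if !accessible_attributes.empty?`. The block closed by the final `<% end -%>` opens outside the hunk.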