Diffstat (limited to 'activemodel/lib/active_model/forbidden_attributes_protection.rb')
-rw-r--r--activemodel/lib/active_model/forbidden_attributes_protection.rb31
1 files changed, 31 insertions, 0 deletions
diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
new file mode 100644
index 0000000000..4b37f80c52
--- /dev/null
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module ActiveModel
+ # Raised when forbidden attributes are used for mass assignment.
+ #
+ # class Person < ActiveRecord::Base
+ # end
+ #
+ # params = ActionController::Parameters.new(name: 'Bob')
+ # Person.new(params)
+ # # => ActiveModel::ForbiddenAttributesError
+ #
+ # params.permit!
+ # Person.new(params)
+ # # => #<Person id: nil, name: "Bob">
+ class ForbiddenAttributesError < StandardError
+ end
+
+ module ForbiddenAttributesProtection # :nodoc:
+ private
+ def sanitize_for_mass_assignment(attributes)
+ if attributes.respond_to?(:permitted?)
+ raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
+ attributes.to_h
+ else
+ attributes
+ end
+ end
+ alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
+ end
+end
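Review bot: `sanitize_for_mass_assignment` has no comment stating its contract, and its `else` branch returns any object that does not respond to `permitted?` unchanged, so a plain Hash reaches mass assignment without any check. Because the module is `# :nodoc:`, I would state this above the method, e.g. `# Raises ForbiddenAttributesError for parameter objects that are not permitted; objects that do not respond to permitted? are returned as-is and must already be trusted by the caller.` As a style point, `raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?` reads more idiomatically as `raise ActiveModel::ForbiddenAttributesError unless attributes.permitted?`. The class-level example uses `params.permit!`, which permits every key; showing `Person.new(params.permit(:name))` instead would model the narrower allow-list that readers are likely to copy.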