1 files changed, 20 insertions, 17 deletions

diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb
index 3f9feb7631..9b12d9d281 100644
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ b/activemodel/lib/active_model/mass_assignment_security.rb
@@ -10,11 +10,13 @@ module ActiveModel
     extend ActiveSupport::Concern
 
     included do
-      class_attribute :_accessible_attributes
-      class_attribute :_protected_attributes
-      class_attribute :_active_authorizer
+      extend ActiveModel::Configuration
 
-      class_attribute :_mass_assignment_sanitizer
+      config_attribute :_accessible_attributes
+      config_attribute :_protected_attributes
+      config_attribute :_active_authorizer
+
+      config_attribute :_mass_assignment_sanitizer
       self.mass_assignment_sanitizer = :logger
     end
 
@@ -56,7 +58,7 @@ module ActiveModel
     # You can specify your own sanitizer object eg. MySanitizer.new.
     # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for example implementation.
     #
-    # 
+    #
     module ClassMethods
       # Attributes named in this macro are protected from mass-assignment
       # whenever attributes are sanitized before assignment. A role for the
@@ -71,10 +73,11 @@ module ActiveModel
       #   class Customer
       #     include ActiveModel::MassAssignmentSecurity
       #
-      #     attr_accessor :name, :credit_rating
+      #     attr_accessor :name, :email, :logins_count
       #
-      #     attr_protected :credit_rating, :last_login
-      #     attr_protected :last_login, :as => :admin
+      #     attr_protected :logins_count
+      #     # Suppose that admin can not change email for customer
+      #     attr_protected :logins_count, :email, :as => :admin
       #
       #     def assign_attributes(values, options = {})
       #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
@@ -86,21 +89,21 @@ module ActiveModel
       # When using the :default role :
       #
       #   customer = Customer.new
-      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
+      #   customer.assign_attributes({ "name" => "David", "email" => "a@b.com", :logins_count => 5 }, :as => :default)
       #   customer.name          # => "David"
-      #   customer.credit_rating # => nil
-      #   customer.last_login    # => nil
-      #
-      #   customer.credit_rating = "Average"
-      #   customer.credit_rating # => "Average"
+      #   customer.email # => "a@b.com"
+      #   customer.logins_count    # => nil
       #
       # And using the :admin role :
       #
       #   customer = Customer.new
-      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
+      #   customer.assign_attributes({ "name" => "David", "email" => "a@b.com", :logins_count => 5}, :as => :admin)
       #   customer.name          # => "David"
-      #   customer.credit_rating # => "Excellent"
-      #   customer.last_login    # => nil
+      #   customer.email # => nil
+      #   customer.logins_count    # => nil
+      #
+      #   customer.email = "c@d.com"
+      #   customer.email # => "c@d.com"
       #
       # To start from an all-closed default and enable attributes as needed,
       # have a look at +attr_accessible+.