From 3759e328822adc836c7eed625c2c350972744bfe Mon Sep 17 00:00:00 2001
From: Francesco Rodriguez
Date: Thu, 20 Sep 2012 00:08:21 -0500
Subject: add :nodoc: directives to AMo::DeprecatedMassAssignmentSecurity [ci skip]
---
 activemodel/lib/active_model/deprecated_mass_assignment_security.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/activemodel/lib/active_model/deprecated_mass_assignment_security.rb b/activemodel/lib/active_model/deprecated_mass_assignment_security.rb
index 16b8466e55..c25cd9367d 100644
--- a/activemodel/lib/active_model/deprecated_mass_assignment_security.rb
+++ b/activemodel/lib/active_model/deprecated_mass_assignment_security.rb
@@ -1,15 +1,15 @@
 module ActiveModel
- module DeprecatedMassAssignmentSecurity
+ module DeprecatedMassAssignmentSecurity # :nodoc:
 extend ActiveSupport::Concern
 module ClassMethods
- def attr_protected(*args)
+ def attr_protected(*args) # :nodoc:
 raise "`attr_protected` is extracted out of Rails into a gem. " \
 "Please use new recommended protection model for params " \
 "or add `protected_attributes` to your Gemfile to use old one."
 end
- def attr_accessible(*args)
+ def attr_accessible(*args) # :nodoc:
 raise "`attr_accessible` is extracted out of Rails into a gem. " \
 "Please use new recommended protection model for params " \
 "or add `protected_attributes` to your Gemfile to use old one."
-- 
cgit v1.2.3
From 00da7c605dc99fd9bcc714e836308becd842a9d1 Mon Sep 17 00:00:00 2001
From: Francesco Rodriguez
Date: Thu, 20 Sep 2012 11:24:53 -0500
Subject: fix typos and improve AC::StrongParameters documentation [ci skip]
---
 .../lib/action_controller/metal/strong_parameters.rb | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 24768b23a8..55cc62a15e 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -271,9 +271,9 @@ module ActionController
 # == Strong Parameters
 #
- # It provides an interface for proctecting attributes from end-user
- # assignment. This makes Action Controller parameters are forbidden
- # to be used in Active Model mass assignmets until they have been
+ # It provides an interface for protecting attributes from end-user
+ # assignment. This makes Action Controller parameters forbidden
+ # to be used in Active Model mass assignment until they have been
 # whitelisted.
 #
 # In addition, parameters can be marked as required and flow through a
@@ -281,10 +281,12 @@ module ActionController
 # effort.
 #
 # class PeopleController < ActionController::Base
- # # This will raise an ActiveModel::ForbiddenAttributes exception because
- # # it's using mass assignment without an explicit permit step.
+ # # Using "Person.create(params[:person])" would raise an
+ # # ActiveModel::ForbiddenAttributes exception because it'd
+ # # be using mass assignment without an explicit permit step.
+ # # This is the recommended form:
 # def create
- # Person.create(params[:person])
+ # Person.create(person_params)
 # end
 #
 # # This will pass with flying colors as long as there's a person key in the
-- 
cgit v1.2.3
From 1e56f1f14c7b033a6d180514c83e61193812fede Mon Sep 17 00:00:00 2001
From: Francesco Rodriguez
Date: Thu, 20 Sep 2012 11:47:32 -0500
Subject: update AMo::ForbiddenAttributesError documentation [ci skip]
---
 .../lib/active_model/forbidden_attributes_protection.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
index a5e4c4f650..f4c5d536eb 100644
--- a/activemodel/lib/active_model/forbidden_attributes_protection.rb
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
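Review bot: The rewritten comment in the second hunk of strong_parameters.rb (`@@ -281,10 +281,12 @@`) still names the exception `ActiveModel::ForbiddenAttributes`, while the class shown in activemodel/lib/active_model/forbidden_attributes_protection.rb later in this series is `ActiveModel::ForbiddenAttributesError`. A reader who copies the documented name into a `rescue` clause would not be handling the error that is actually raised, so the line should read `# # ActiveModel::ForbiddenAttributesError exception because it'd`. The example now calls `person_params`, whose definition lies outside the hunk; it is worth confirming that the surrounding example still defines it with an explicit `permit` list.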
@@ -1,4 +1,16 @@
 module ActiveModel
+ # Raised when forbidden attributes are used for mass assignment.
+ #
+ # class Person < ActiveRecord::Base
+ # end
+ #
+ # params = ActionController::Parameters.new(name: 'Bob')
+ # Person.new(params)
+ # # => ActiveModel::ForbiddenAttributesError
+ #
+ # params.permit!
+ # Person.new(params)
+ # # => #
 class ForbiddenAttributesError < StandardError
 end
-- 
cgit v1.2.3
From 6783c3f449f9c80268905fe79e444f40d1b2f883 Mon Sep 17 00:00:00 2001
From: Francesco Rodriguez
Date: Thu, 20 Sep 2012 12:14:29 -0500
Subject: change AMo::ForbiddenAttributesProtection#sanitize_for_mass_assignment to protected
---
 .../lib/active_model/forbidden_attributes_protection.rb | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
index f4c5d536eb..4c05b19cba 100644
--- a/activemodel/lib/active_model/forbidden_attributes_protection.rb
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -14,13 +14,14 @@ module ActiveModel
 class ForbiddenAttributesError < StandardError
 end
- module ForbiddenAttributesProtection
- def sanitize_for_mass_assignment(attributes, options = {})
- if attributes.respond_to?(:permitted?) && !attributes.permitted?
- raise ActiveModel::ForbiddenAttributesError
- else
- attributes
+ module ForbiddenAttributesProtection # :nodoc:
+ protected
+ def sanitize_for_mass_assignment(attributes, options = {})
+ if attributes.respond_to?(:permitted?) && !attributes.permitted?
+ raise ActiveModel::ForbiddenAttributesError
+ else
+ attributes
+ end
 end
- end
 end
 end
-- 
cgit v1.2.3
From 356eed9c6034064c097cf607588185b1c526d93b Mon Sep 17 00:00:00 2001
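Review bot: The only passing case in the new `ForbiddenAttributesError` example (the `@@ -1,4 +1,16 @@` hunk of forbidden_attributes_protection.rb) is `params.permit!`, which marks every key in the parameters as permitted, so the documentation of the error demonstrates the one call that switches the protection off for the whole hash. An explicit allow-list reads better here: replace the `# params.permit!` and `# Person.new(params)` lines with `# Person.new(params.permit(:name))`. If `permit!` is kept, a comment line such as `# # permit! allows every key; use it only on parameters built by trusted code` would tell the reader what they are opting into.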
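Review bot: `sanitize_for_mass_assignment` in the `@@ -14,13 +14,14 @@` hunk raises only when the argument responds to `permitted?` and reports false, so any object without that method, a plain Hash included, is returned unchanged; with the module now marked `# :nodoc:` and the method `protected`, that contract is not written down anywhere. A comment above the method would record it, for example `# Raises unless attributes report permitted?; objects without permitted? (such as a plain Hash) pass through unchecked.` The `options = {}` parameter is never read in the body; if it is kept only for signature compatibility (presumably with the extracted mass-assignment code), the comment should say so.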
From: Francesco Rodriguez
Date: Thu, 20 Sep 2012 12:14:53 -0500
Subject: add :nodoc: to AMo::DeprecatedMassAssignmentSecurity::ClassMethods [ci skip]
---
 activemodel/lib/active_model/deprecated_mass_assignment_security.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/activemodel/lib/active_model/deprecated_mass_assignment_security.rb b/activemodel/lib/active_model/deprecated_mass_assignment_security.rb
index c25cd9367d..2ea69991fc 100644
--- a/activemodel/lib/active_model/deprecated_mass_assignment_security.rb
+++ b/activemodel/lib/active_model/deprecated_mass_assignment_security.rb
@@ -2,14 +2,14 @@ module ActiveModel
 module DeprecatedMassAssignmentSecurity # :nodoc:
 extend ActiveSupport::Concern
- module ClassMethods
- def attr_protected(*args) # :nodoc:
+ module ClassMethods # :nodoc:
+ def attr_protected(*args)
 raise "`attr_protected` is extracted out of Rails into a gem. " \
 "Please use new recommended protection model for params " \
 "or add `protected_attributes` to your Gemfile to use old one."
 end
- def attr_accessible(*args) # :nodoc:
+ def attr_accessible(*args)
 raise "`attr_accessible` is extracted out of Rails into a gem. " \
 "Please use new recommended protection model for params " \
 "or add `protected_attributes` to your Gemfile to use old one."
-- 
cgit v1.2.3