From 06a3a8a458e70c1b6531ac53c57a302b162fd736 Mon Sep 17 00:00:00 2001 From: Michael Koziarski Date: Mon, 5 Mar 2012 11:12:01 +1300 Subject: Whitelist all attribute assignment by default. Change the default for newly generated applications to whitelist all attribute assignment. Also update the generated model classes so users are reminded of the importance of attr_accessible. --- .../lib/rails/generators/active_record/model/model_generator.rb | 4 ++++ .../lib/rails/generators/active_record/model/templates/model.rb | 5 +++++ 2 files changed, 9 insertions(+) (limited to 'activerecord/lib') diff --git a/activerecord/lib/rails/generators/active_record/model/model_generator.rb b/activerecord/lib/rails/generators/active_record/model/model_generator.rb index 99a022461e..f3bb70fb41 100644 --- a/activerecord/lib/rails/generators/active_record/model/model_generator.rb +++ b/activerecord/lib/rails/generators/active_record/model/model_generator.rb @@ -30,6 +30,10 @@ module ActiveRecord attributes.select { |a| a.has_index? || (a.reference? && options[:indexes]) } end + def accessible_attributes + attributes.reject(&:reference?) + end + hook_for :test_framework protected diff --git a/activerecord/lib/rails/generators/active_record/model/templates/model.rb b/activerecord/lib/rails/generators/active_record/model/templates/model.rb index 5c47f8b241..d56f9f57a4 100644 --- a/activerecord/lib/rails/generators/active_record/model/templates/model.rb +++ b/activerecord/lib/rails/generators/active_record/model/templates/model.rb @@ -3,5 +3,10 @@ class <%= class_name %> < <%= parent_class_name.classify %> <% attributes.select {|attr| attr.reference? }.each do |attribute| -%> belongs_to :<%= attribute.name %> <% end -%> +<% if !accessible_attributes.empty? -%> + attr_accessible <%= accessible_attributes.map {|a| ":#{a.name}" }.sort.join(', ') %> +<% else -%> + # attr_accessible :title, :body +<% end -%> end <% end -%> -- cgit v1.2.3