From b2451f4a7fa4fe20dff278edd33fe8a4b1d65be7 Mon Sep 17 00:00:00 2001 From: Josh Kalderimis Date: Sun, 8 May 2011 16:42:00 +0200 Subject: renamed mass-assignment scopes to roles, updated code, tests, docs and security guide --- activerecord/lib/active_record/base.rb | 12 ++++++------ activerecord/lib/active_record/persistence.rb | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'activerecord/lib') diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 78318b1be0..67af21c9a0 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -482,7 +482,7 @@ module ActiveRecord #:nodoc: # # Create a single new object # User.create(:first_name => 'Jamie') # - # # Create a single new object using the :admin mass-assignment security scope + # # Create a single new object using the :admin mass-assignment security role # User.create({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) # # # Create a single new object bypassing mass-assignment security @@ -1486,7 +1486,7 @@ MSG # # Instantiates a single new object # User.new(:first_name => 'Jamie') # - # # Instantiates a single new object using the :admin mass-assignment security scope + # # Instantiates a single new object using the :admin mass-assignment security role # User.new({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) # # # Instantiates a single new object bypassing mass-assignment security @@ -1661,8 +1661,8 @@ MSG end # Allows you to set all the attributes for a particular mass-assignment - # security scope by passing in a hash of attributes with keys matching - # the attribute names (which again matches the column names) and the scope + # security role by passing in a hash of attributes with keys matching + # the attribute names (which again matches the column names) and the role # name using the :as option. # # To bypass mass-assignment security you can use the :without_protection => true @@ -1689,12 +1689,12 @@ MSG # user.is_admin? # => true def assign_attributes(new_attributes, options = {}) attributes = new_attributes.stringify_keys - scope = options[:as] || :default + role = options[:as] || :default multi_parameter_attributes = [] unless options[:without_protection] - attributes = sanitize_for_mass_assignment(attributes, scope) + attributes = sanitize_for_mass_assignment(attributes, role) end attributes.each do |k, v| diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index b4531ed35f..b9041f44d8 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -146,7 +146,7 @@ module ActiveRecord # will fail and false will be returned. # # When updating model attributes, mass-assignment security protection is respected. - # If no +:as+ option is supplied then the +:default+ scope will be used. + # If no +:as+ option is supplied then the +:default+ role will be used. # If you want to bypass the protection given by +attr_protected+ and # +attr_accessible+ then you can do so using the +:without_protection+ option. def update_attributes(attributes, options = {}) -- cgit v1.2.3