path: root/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
module ActiveModel
  module MassAssignmentSecurity
    # Mixin that filters an attributes hash through the including object's
    # authorizer before the values are mass-assigned.
    #
    # The including object must provide +deny?(key)+ and +logger+; neither is
    # defined in this module.
    module Sanitizer

      # Returns a copy of +attributes+ without the keys for which +deny?+
      # answers true. The input hash is not modified.
      #
      # Denied keys are dropped without raising. The only trace is the
      # logger.debug line written by +warn!+, and only when a logger is set.
      # NOTE(review): a logger configured above debug level would presumably
      # record nothing about a rejected mass-assignment attempt; confirm
      # against the deployment's log level.
      def sanitize(attributes)
        attributes.reject { |name, _value| deny?(name) }.tap do |permitted|
          debug_protected_attribute_removal(attributes, permitted) if debug?
        end
      end

      protected

      # Works out which keys were filtered away and reports them, if any.
      def debug_protected_attribute_removal(attributes, sanitized_attributes)
        dropped = attributes.keys - sanitized_attributes.keys
        return unless dropped.any?

        warn!(dropped)
      end

      # Logging is enabled only when the including object has a logger.
      def debug?
        logger.present?
      end

      # Writes the names of the rejected attributes to the log at debug level.
      # NOTE(review): the names are interpolated verbatim. If the attributes
      # hash originates from request parameters, these names are
      # caller-controlled text inside the log line; verify how the log
      # pipeline treats control characters.
      def warn!(attrs)
        rejected = attrs.join(', ')
        logger.debug "WARNING: Can't mass-assign protected attributes: #{rejected}"
      end

    end
  end
end