Description: Filter unwanted params from your controllers/actions in your Rails app. Provides param_protected and param_accessible analogous to ActiveRecord's attr_protected and attr_accessible.
Homepage: http://blog.stochasticbytes.com/2008/01/paramprotected.html
Clone URL: git://github.com/cjbottaro/param_protected.git
name age message
file CHANGELOG Sat Sep 12 12:43:51 -0700 2009 Refactored bulk of the implementation into the ... [cjbottaro]
file README.rdoc Sat Sep 12 12:43:51 -0700 2009 Refactored bulk of the implementation into the ... [cjbottaro]
file Rakefile Sat Sep 12 12:43:51 -0700 2009 Refactored bulk of the implementation into the ... [cjbottaro]
file VERSION Sat Sep 12 12:42:30 -0700 2009 Version bump to 1.1.0 [cjbottaro]
file init.rb Fri Sep 11 15:29:09 -0700 2009 Refactored tests to use plugin_test_helper. Ge... [cjbottaro]
file install.rb Sun May 18 19:45:13 -0700 2008 moving over from svn [Christopher J. Bottaro]
directory lib/ Sat Sep 12 12:43:51 -0700 2009 Refactored bulk of the implementation into the ... [cjbottaro]
file param_protected.gemspec Sat Sep 12 12:46:05 -0700 2009 Regenerated gemspec for version 1.1.0 [cjbottaro]
directory tasks/ Sun May 18 19:45:13 -0700 2008 moving over from svn [Christopher J. Bottaro]
directory test/ Sat Sep 12 12:43:51 -0700 2009 Refactored bulk of the implementation into the ... [cjbottaro]
file uninstall.rb Sun May 18 19:45:13 -0700 2008 moving over from svn [Christopher J. Bottaro]
README.rdoc

Summary

This plugin provides two class methods on ActionController::Base that filter the params hash for that controller’s actions. You can think of them as the controller analog of attr_protected and attr_accessible.

Installation

Put this in your environment.rb file:

  config.gem "cjbottaro-param_protected", :lib => "param_protected", :source => "http://gems.github.com"

Alternatively, just install the gem from the command line and require "param_protected" somewhere in your project.

Usage

 class YourController < ActionController::Base
   param_protected <param_name>, <options>
   param_accessible <param_name>, <options>

   ...
 end

param_name can be a String, Symbol, or Array of Strings and/or Symbols.

options is a Hash that has one of two keys: :only or :except. The value for these keys is a String, Symbol, or Array of Strings and/or Symbols which denotes the action(s) for which to protect params.

Examples

Blacklisting

Any of these combinations should work.

 param_protected :client_id
 param_protected [:client_id, :user_id]
 param_protected :client_id, :only => 'my_action'
 param_protected :client_id, :except => [:your_action, :my_action]

Whitelisting

Any of these combinations should work.

 param_accessible :client_id
 param_accessible [:client_id, :user_id]
 param_accessible :client_id, :only => 'my_action'
 param_accessible :client_id, :except => [:your_action, :my_action]

Nested Params

You can use combinations of arrays and hashes to specify nested params, much the same way ActiveRecord::Base#find’s :include argument works.

 param_accessible [:account_name, { :user => [:first_name, :last_name, :address => [:street, :city, :state]] }]
 param_protected [:id, :password, { :user => [:id, :password] }]
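
As an added illustration (not the plugin's own code, and not part of the original README), the following Ruby sketch applies the two nested specs above to a constructed params hash. The helper names normalize_spec, keep_only and strip_named are hypothetical, and dropping a scalar found where a nested hash is expected is an assumption.

```ruby
# Added illustration; not param_protected's implementation.
# All helper names here are hypothetical.

# Normalize a spec (Symbol/String, Array, Hash, or a mix) into a tree of string
# keys. A nil value means "this whole key"; a Hash value means "these sub-keys".
def normalize_spec(spec)
  case spec
  when Hash
    spec.each_with_object({}) { |(k, v), tree| tree[k.to_s] = normalize_spec(v) }
  when Array
    spec.each_with_object({}) { |item, tree| tree.merge!(normalize_spec(item)) }
  else
    { spec.to_s => nil }
  end
end

# Whitelist: keep only what the tree names; everything else is dropped.
def keep_only(params, tree)
  params.each_with_object({}) do |(key, value), kept|
    next unless tree.key?(key.to_s)
    sub = tree[key.to_s]
    if sub.nil?
      kept[key] = value
    elsif value.is_a?(Hash)
      kept[key] = keep_only(value, sub)
    end # assumption: a scalar where a nested hash was expected is dropped
  end
end

# Blacklist: drop only what the tree names; everything else passes through.
def strip_named(params, tree)
  params.each_with_object({}) do |(key, value), kept|
    sub = tree[key.to_s]
    if !tree.key?(key.to_s)
      kept[key] = value
    elsif sub && value.is_a?(Hash)
      kept[key] = strip_named(value, sub)
    end # keys named as leaves (sub is nil) are dropped
  end
end

# Constructed request: a sign-up form with an unexpected "is_admin" field.
REQUEST = { "account_name" => "acme", "id" => "7",
            "user" => { "first_name" => "Ann", "password" => "s3cret",
                        "is_admin" => "1", "address" => { "city" => "Austin" } } }

# The two nested specs from the README section above.
ACCESSIBLE = [:account_name, { :user => [:first_name, :last_name, :address => [:street, :city, :state]] }]
PROTECTED  = [:id, :password, { :user => [:id, :password] }]

WHITELISTED = keep_only(REQUEST, normalize_spec(ACCESSIBLE))
BLACKLISTED = strip_named(REQUEST, normalize_spec(PROTECTED))
p WHITELISTED
p BLACKLISTED
```

The whitelisted result has no is_admin key because it was never listed, while the blacklisted result still carries it because nobody thought to name it; for params that feed mass assignment, that difference is the reason to prefer param_accessible.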

How does it work?

It does an alias_method_chain on ActionController::Base#params that filters (and caches) the params. You can get the unfiltered, pristine params by calling ActionController::Base#params_without_protection.

Author

Christopher J. Bottaro