Note: Builds off mass assignment refactoring patch. Doesn’t work with edge Rails yet.
Context-based mass assignment for Rails. Depends on ActiveRecord/MassAssignmentSecurity
sudo gem install mass_assign_more
Allows attr_accessible
to be temporarily expanded depending on the context. For example, an admin wishing to change their account should be able to mass assign more attributes than a non-admin.
Here’s one use case with a model. This could just as easily be a controller or any object. See /examples for details.
In examples/model.rb:
class Account < ActiveRecord::Base include MassAssignMore::Context belongs_to :user attr_accessible :name accessible_attributes[:admin] = [ :plan_id ] protected # Assumes User#role returns :admin when appropriate. def mass_assignment_context user.role if user end end @account.user.role # => nil @account.attributes = { :name => "Eric's Account", :plan_id => 5 } @account.attributes # => { :name => "Eric's Account" } @account.user.role = :admin @account.attributes = { :plan_id => 5 } @account.attributes # => { :name => "Eric's Account", :plan_id => 5 }
This project is hosted at github.com/eac/mass_assign_more. Feedback and enhancements can be directed that way.
-
Fork the project.
-
Make your feature addition or bug fix.
-
Add tests for it. This is important so I don’t break it in a future version unintentionally.
-
Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but
bump version in a commit by itself I can ignore when I pull)
-
Send me a pull request. Bonus points for topic branches.
Copyright © 2009 Eric Chapweske. See LICENSE for details.