jonleighton / restrict_params
- Source
- Commits
- Network (0)
- Issues (0)
- Downloads (0)
- Wiki (1)
- Graphs
-
Branch:
master
Restrict the params which we allow to get through to the action
| name | age | message | |
|---|---|---|---|
 |
MIT-LICENSE | Loading commit data...  |
|
| |
README.textile | ||
| |
Rakefile | ||
| |
init.rb | ||
| |
install.rb | ||
 |
lib/ | ||
| |
spec/ | ||
| |
tasks/ | ||
| |
uninstall.rb |
Restrict Params
Restrict Params is a Rails plugin which enables you to specify a finite set of keys
which can appear in the parameters being passed to an action.
Why?
If you use a RESTful architecture, you use the create and update actions to modify
resources. Depending on the access priveliges of the application, you might want to,
for example, allow admins to modify all attributes of a Company model, but only allow
general users to modify the “notes” attribute.
Example
class CompaniesController < ApplicationController
restrict_params :to => [:notes], :only => :update, :if => "!current_user.admin?"
endThe plugin will look at the class name of your controller and figure out that we need
to inspect params[:company]. If current_user.admin? is false, it will delete all items
from params[:company] except :notes.
See also
There is a similar merb plugin called
merb_param_protection.
