This repository is private.
All pages are served over SSL and all pushing and pulling is done over SSH.
No one may fork, clone, or view it unless they are added as a member.
Every repository with this icon (
) is private.
Every repository with this icon (
) is private.
This repository is public.
Anyone may fork, clone, or view it.
Every repository with this icon () is public.
Every repository with this icon (
) is public.
commit 6edfa686a1b24c150c9d9abebf323eb8a53f972c
tree 4060942c937641b5bdedfb3ebf236f1a14b41a5d
parent d7ed285cc9436cf1d9cbbf74ebfe9a501687e367
tree 4060942c937641b5bdedfb3ebf236f1a14b41a5d
parent d7ed285cc9436cf1d9cbbf74ebfe9a501687e367
| name | age | message | |
|---|---|---|---|
 |
MIT-LICENSE | Loading commit data...  |
|
| |
README.textile | ||
| |
Rakefile | ||
| |
init.rb | ||
| |
install.rb | ||
 |
lib/ | ||
| |
spec/ | ||
| |
tasks/ | ||
| |
uninstall.rb |
README.textile
Restrict Params
Restrict Params is a Rails plugin which enables you to specify a finite set of keys
which can appear in the parameters being passed to an action.
Why?
If you use a RESTful architecture, you use the create and update actions to modify
resources. Depending on the access priveliges of the application, you might want to,
for example, allow admins to modify all attributes of a Company model, but only allow
general users to modify the “notes” attribute.
Example
class CompaniesController < ApplicationController
restrict_params :to => [:notes], :only => :update, :if => "!current_user.admin?"
endThe plugin will look at the class name of your controller and figure out that we need
to inspect params[:company]. If current_user.admin? is false, it will delete all items
from params[:company] except :notes.
See also
There is a similar merb plugin called
merb_param_protection.
