| name | age | message |
|---|---|---|
| MIT-LICENSE | Thu Sep 04 13:38:29 -0700 2008 | |
| README.textile | Fri Sep 05 14:29:54 -0700 2008 | |
| Rakefile | Thu Sep 04 13:38:29 -0700 2008 | |
| init.rb | Thu Sep 04 13:38:29 -0700 2008 | |
| install.rb | Thu Sep 04 13:38:29 -0700 2008 | |
| lib/ | Thu Sep 04 13:38:29 -0700 2008 | |
| spec/ | Thu Sep 04 13:38:29 -0700 2008 | |
| tasks/ | Thu Sep 04 13:38:29 -0700 2008 | |
| uninstall.rb | Thu Sep 04 13:38:29 -0700 2008 | |
README.textile
Restrict Params
Restrict Params is a Rails plugin which enables you to specify a finite set of keys
which can appear in the parameters being passed to an action.
Why?
If you use a RESTful architecture, you use the create and update actions to modify
resources. Depending on the access privileges of the application, you might want to,
for example, allow admins to modify all attributes of a Company model, but only allow
general users to modify the “notes” attribute.
Example
class CompaniesController < ApplicationController
  restrict_params :to => [:notes], :only => :update, :if => "!current_user.admin?"
end
The plugin will look at the class name of your controller and figure out that we need
to inspect params[:company]. If current_user.admin? is false, it will delete all items
from params[:company] except :notes.
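The filtering described above, as stand-alone Ruby added here for illustration; it is not the plugin's source. The helper names `resource_key` and `filter_resource_params`, the naive singularizer, and the sample parameters are assumptions, and the `restricted` flag stands in for the result of the `:if` condition.

```ruby
# Added illustration; not the Restrict Params plugin's source.

# CompaniesController -> :company. The singularizer is a naive stand-in
# (assumption) for ActiveSupport's String#singularize.
def resource_key(controller_name)
  base = controller_name.sub(/Controller\z/, "")
  snake = base.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  snake.sub(/ies\z/, "y").sub(/s\z/, "").to_sym
end

# Allow-list filter: when `restricted` is true, delete every key under
# params[resource] that is not named in `to`. String and symbol keys both
# match, since request parameters usually arrive with string keys.
def filter_resource_params(params, controller_name, to:, restricted:)
  return params unless restricted
  key = resource_key(controller_name)
  sub = params[key] || params[key.to_s]
  return params unless sub.is_a?(Hash) # nothing submitted for the resource
  allowed = to.map(&:to_s)
  sub.delete_if { |k, _| !allowed.include?(k.to_s) }
  params
end

# Constructed parameters for an update request that carries extra attributes.
def sample_params
  { :id => "1",
    :company => { "notes" => "call back Friday",
                  "name" => "Renamed Ltd",
                  "credit_limit" => "999999" } }
end

general_user = filter_resource_params(sample_params, "CompaniesController",
                                      to: [:notes], restricted: true)
admin = filter_resource_params(sample_params, "CompaniesController",
                               to: [:notes], restricted: false)
p general_user[:company]
p admin[:company]
```

Because the filter is an allow-list, an attribute added to the model later stays unwritable by general users until it is explicitly listed in `to`.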
See also
There is a similar Merb plugin called merb_param_protection.







