netguru / cakephp-protected-fields

Protects model fields from mass-assignment such as $model->set(array(...)), while still letting you assign them directly with $model->set($field, $value).


szajbus (author)
Tue Jan 20 15:59:57 -0800 2009
commit  e19913686c66a81a186daa09ff64d4948e504b16
tree    58f82d9078572a24b23998d0357afd4b567b32fa
parent  55128069bbc4adf7238b542d4f71925e1773554f
name age message
file README.textile Tue Jan 20 15:59:57 -0800 2009 Readme update [szajbus]
file app_model.php
directory tests/
README.textile

AppModel protected fields

This is an AppModel for your CakePHP applications that adds support for protected fields.

A protected field can’t be set via multi-assignment (assigning multiple fields at once via $model->set(array(...))), but it can still be set directly with $model->set($field, $value).

You define which fields you want to protect in your model definition:

  class Article extends AppModel {
    var $protectedFields = array(
      'user_id'
    );
  }

Then you don’t need to worry about the user_id field being changed by a malicious request. For example, you can safely do this in your controller:

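  class ArticlesController extends AppController {
    function edit($id) {
      // Load the existing record, including its current user_id
      $this->Article->read(null, $id);
      // Mass-assign the request data; a user_id in $this->data is filtered out
      $this->Article->set($this->data);
      $this->Article->save();
    }
  }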

When you assign multiple fields (an array of fields) at once via $this->set, protected fields are automatically filtered out. They can only be set directly:

  $this->Article->set('user_id', 1);

Protected fields are also filtered out when you pass multiple records to set() in order to save them all at once with saveAll().

Associated models are also protected. Check included tests for possible scenarios.
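
The filtering rule described above, as an added stand-alone PHP example (it is not the project's app_model.php and does not use CakePHP). The function name filterProtected, the $protected map, the Comment model with its article_id field, and the nested request layout are assumptions made for illustration.

```php
<?php
// Added illustration only: a stand-alone filter, not the project's app_model.php.
// $protected (hypothetical) maps a model alias to its protected field names.
function filterProtected(array $data, array $protected, $alias = null) {
    $blocked = ($alias !== null && isset($protected[$alias])) ? $protected[$alias] : array();
    $clean = array();
    foreach ($data as $key => $value) {
        // Drop a protected field whatever its value type (scalar or array).
        if (is_string($key) && in_array($key, $blocked, true)) {
            continue;
        }
        if (is_array($value)) {
            // A string key opens a nested model (or a composite field value);
            // a numeric key is one record of the current model.
            $value = filterProtected($value, $protected, is_string($key) ? $key : $alias);
        }
        $clean[$key] = $value;
    }
    return $clean;
}

$protected = array('Article' => array('user_id'), 'Comment' => array('article_id'));

// Constructed request data: the edit form exposes only the title and comment
// bodies; user_id and article_id were added by the client.
$posted = array(
    'Article' => array('title' => 'Edited title', 'user_id' => 666),
    'Comment' => array(
        array('body' => 'First', 'article_id' => 13),
        array('body' => 'Second'),
    ),
);

// Mass assignment path: everything from the request goes through the filter.
$safe = filterProtected($posted, $protected, 'Article');
print_r($safe);

// Direct assignment path: the application sets the owner itself.
$safe['Article']['user_id'] = 1;
print_r($safe['Article']);
```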

Copyright

Copyright © 2008 Michał Szajbe (http://codetunes.com) and netguru (http://netguru.pl), released under the MIT license.