
Default to using attr_accessible

Rails 3.2.3 makes using attr_accessible the default and makes using the
old syntax for audited cumbersome. This puts the onus of having to add additional
options on the users that are not using attr_accessible.
commit ec4732fa214ad9e7c129c36acef1ca80779d079c 1 parent aca71ed
Ryan G authored July 02, 2012
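--- a/README.md
+++ b/README.md
@@ -174,14 +174,22 @@ company.associated_audits.last.auditable # => #<User name: "Steve Richert">
 
 ## Gotchas
 
-### ActiveRecord Accessible Attributes
+### Accessible Attributes
 
-If your model calls `attr_accessible` after `audited`, you'll need to set the `:protect => false` option. By default, Audited uses `attr_protected` to prevent malicious users from dissociating your audits, but Rails doesn't allow both `attr_protected` and `attr_accessible`.
+Audited assumes you are using `attr_accessible`, however, if you are using `attr_protected` or just going at it unprotected you will have to set the `:allow_mass_assignment => true` option.
+
+If using `attr_protected` be sure to add `audit_ids` to the list of protected attributes to prevent data loss.
+
+```ruby
+class User < ActiveRecord::Base
+  audited :allow_mass_assignment => true
+end
+```
 
 ```ruby
 class User < ActiveRecord::Base
-  audited :protect => false
-  attr_accessible :name
+  audited :allow_mass_assignment => true
+  attr_protected :logins, :audit_ids
 end
 ```
 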
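--- a/lib/audited/auditor.rb
+++ b/lib/audited/auditor.rb
@@ -47,8 +47,6 @@ def audited(options = {})
         # don't allow multiple calls
         return if self.included_modules.include?(Audited::Auditor::AuditedInstanceMethods)
 
-        options = { :protect => accessible_attributes.blank? }.merge(options)
-
         class_attribute :non_audited_columns,   :instance_writer => false
         class_attribute :auditing_enabled,      :instance_writer => false
         class_attribute :audit_associated_with, :instance_writer => false
@@ -68,12 +66,11 @@ def audited(options = {})
         end
 
         attr_accessor :audit_comment
-        unless accessible_attributes.blank? || options[:protect]
+        unless options[:allow_mass_assignment]
           attr_accessible :audit_comment
         end
 
         has_many :audits, :as => :auditable, :class_name => Audited.audit_class.name
-        attr_protected :audit_ids if options[:protect]
         Audited.audit_class.audited_class_names << self.to_s
 
         after_create  :audit_create if !options[:on] || (options[:on] && options[:on].include?(:create))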
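Review bot: With `:allow_mass_assignment => true`, nothing in `audited` protects `audit_ids` any more, because the second hunk drops `attr_protected :audit_ids` and keeps only the `attr_accessible :audit_comment` whitelist branch. A model that passes the option and declares no protection of its own (the README's "going at it unprotected" case) appears to leave the `audits` association mass-assignable, which is the audit dissociation the removed README paragraph warned about. Consider keeping a guard on the opt-out path, for example `attr_protected :audit_ids if options[:allow_mass_assignment]`, provided that does not conflict with the model's own declarations. At minimum, add a comment above the `unless` such as `# callers passing :allow_mass_assignment must protect audit_ids themselves`. The body of `audited` begins and ends outside both hunks, so any later handling of `audit_ids` is not visible here.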
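--- a/spec/audited/adapters/active_record/auditor_spec.rb
+++ b/spec/audited/adapters/active_record/auditor_spec.rb
@@ -461,13 +461,13 @@ class Secret < ::ActiveRecord::Base
 
     it "should not raise error when attr_accessible is set and protected is false" do
       expect {
-        Models::ActiveRecord::UnprotectedUser.new(:name => 'No fail!')
+        Models::ActiveRecord::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
 
     it "should not rause an error when attr_accessible is declared before audited" do
       expect {
-        Models::ActiveRecord::AccessibleUser.new(:name => 'No fail!')
+        Models::ActiveRecord::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
   end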
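Review bot: The second example, "attr_accessible is declared before audited", now instantiates `AccessibleAfterDeclarationUser`, the same model as the first example, so the declared-before ordering is no longer exercised. The support model renamed from `AccessibleUser` is `AccessibleBeforeDeclarationUser`, so the line should read `Models::ActiveRecord::AccessibleBeforeDeclarationUser.new(:name => 'No fail!')`. The MongoMapper spec makes the same substitution and needs `Models::MongoMapper::AccessibleBeforeDeclarationUser` in its second example. The first example's description still says "protected is false" although the `:protect` option is removed by this commit; something like "when attr_accessible is declared after audited" would match the new model name.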
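--- a/spec/audited/adapters/mongo_mapper/auditor_spec.rb
+++ b/spec/audited/adapters/mongo_mapper/auditor_spec.rb
@@ -463,13 +463,13 @@ class Secret
 
     it "should not raise error when attr_accessible is set and protected is false" do
       expect {
-        Models::MongoMapper::UnprotectedUser.new(:name => 'No fail!')
+        Models::MongoMapper::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
 
     it "should not rause an error when attr_accessible is declared before audited" do
       expect {
-        Models::MongoMapper::AccessibleUser.new(:name => 'No fail!')
+        Models::MongoMapper::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
   end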
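--- a/spec/support/active_record/models.rb
+++ b/spec/support/active_record/models.rb
@@ -4,7 +4,7 @@
 module Models
   module ActiveRecord
     class User < ::ActiveRecord::Base
-      audited :except => :password
+      audited :allow_mass_assignment => true, :except => :password
 
       attr_protected :logins
 
@@ -18,13 +18,13 @@ class CommentRequiredUser < ::ActiveRecord::Base
       audited :comment_required => true
     end
 
-    class UnprotectedUser < ::ActiveRecord::Base
+    class AccessibleAfterDeclarationUser < ::ActiveRecord::Base
       self.table_name = :users
-      audited :protect => false
+      audited
       attr_accessible :name, :username, :password
     end
 
-    class AccessibleUser < ::ActiveRecord::Base
+    class AccessibleBeforeDeclarationUser < ::ActiveRecord::Base
       self.table_name = :users
       attr_accessible :name, :username, :password # declare attr_accessible before calling aaa
       audited
@@ -32,7 +32,7 @@ class AccessibleUser < ::ActiveRecord::Base
 
     class NoAttributeProtectionUser < ::ActiveRecord::Base
       self.table_name = :users
-      audited
+      audited :allow_mass_assignment => true
     end
 
     class UserWithAfterAudit < ::ActiveRecord::Base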
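--- a/spec/support/mongo_mapper/models.rb
+++ b/spec/support/mongo_mapper/models.rb
@@ -15,7 +15,7 @@ class User
       key :logins, Integer, :default => 0
       timestamps!
 
-      audited :except => :password
+      audited :allow_mass_assignment => true, :except => :password
 
       attr_protected :logins
 
@@ -38,7 +38,7 @@ class CommentRequiredUser
       audited :comment_required => true
     end
 
-    class UnprotectedUser
+    class AccessibleAfterDeclarationUser
       include ::MongoMapper::Document
 
       key :name, String
@@ -49,11 +49,11 @@ class UnprotectedUser
       key :logins, Integer, :default => 0
       timestamps!
 
-      audited :protect => false
+      audited
       attr_accessible :name, :username, :password
     end
 
-    class AccessibleUser
+    class AccessibleBeforeDeclarationUser
       include ::MongoMapper::Document
 
       key :name, String
@@ -79,7 +79,7 @@ class NoAttributeProtectionUser
       key :logins, Integer, :default => 0
       timestamps!
 
-      audited
+      audited :allow_mass_assignment => true
     end
 
     class UserWithAfterAudit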

1 note on commit ec4732f

ziemekwolski

Hey,
The generators seem to be missing from the gem, but I see them in the master branch. Did you forget to include them?
