This repository has been archived by the owner. It is now read-only.

Mass Assignment Security using ActiveModel::MassAssignmentSecurity #2

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
2 participants
@bgentry

bgentry commented Oct 9, 2010

I've added mass assignment protection via ActiveModel. This can be used exactly the same as Rails + ActiveRecord using attr_accessible and attr_protected.

Currently, I'm able to use this via the following:

require 'dm-rails/mass_assignment_security'
DataMapper::Model.append_inclusions(Rails::DataMapper::MassAssignmentSecurity)

Alternatively, you can include Rails::DataMapper::MassAssignmentSecurity into any model. As my next step, I would like to integrate this into an application.rb config block. I'm open to suggestions or advice!

Thanks!

@snusnu

This comment has been minimized.

Member

snusnu commented Oct 23, 2010

Thx Blake! Pulled in. We've fixed the configuration object yesterday, and if you don't beat us to it, we might be able to integrate the configuration setting you've mentioned today.

@snusnu

This comment has been minimized.

Member

snusnu commented Oct 23, 2010

Blake, we decided that it's maybe best to just enable it by default. It's impossible to remove it after the fact, but it doesn't really harm to have those methods available (and let them perform one additional cheap check). If people start complaining about that, it's easy enough to make it configurable later on. It just seemed to be something people would expect to work out of the box.

Again, thx for the patch!

This issue was closed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.