Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Mass Assignment Security using ActiveModel::MassAssignmentSecurity #2
I've added mass assignment protection via ActiveModel. This can be used exactly the same as Rails + ActiveRecord using attr_accessible and attr_protected.
Currently, I'm able to use this via the following:
Alternatively, you can include Rails::DataMapper::MassAssignmentSecurity into any model. As my next step, I would like to integrate this into an application.rb config block. I'm open to suggestions or advice!
Blake, we decided that it's maybe best to just enable it by default. It's impossible to remove it after the fact, but it doesn't really harm to have those methods available (and let them perform one additional cheap check). If people start complaining about that, it's easy enough to make it configurable later on. It just seemed to be something people would expect to work out of the box.
Again, thx for the patch!