readme added

eval committed Mar 4, 2012
1 parent d72e5b8 commit 2ad76c98033f4b7a3a34062dbeaa938c94437808
Showing with 53 additions and 3 deletions.
  1. +47 −2 README.md
  2. +6 −1 spec/sudo_attr_accessibility/saa_spec.rb
@@ -1,6 +1,11 @@
# SudoAttrAccessibility
-TODO: Write a gem description
+Using attr_accessible you can explicitly define what attributes of a model can be assigned.
+As of Rails 3.1 this got even better as you can define different lists of attributes for different roles.
+
+While this is all good and fine to protect your models from malicious input from outside (handled mostly in controllers), it will also make other uses of your models somewhat harder: e.g. when testing or when in the console.
+
+This gem tries to solve this by letting you define roles that are allowed to access all attribites. It even makes it possible to forget all this role-stuff and only explicitly use roles in places where it matters (again: mostly in controllers).
## Installation
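Review bot: typo in the last added paragraph of this hunk, "access all attribites" should read "access all attributes". Since the paragraph above presents attr_accessible as protection against malicious input from outside (handled in controllers), this paragraph would be the place to state that the all-access role is intended for trusted code paths such as tests and the console and must never be derived from request parameters, otherwise the protection attr_accessible gives is bypassed entirely.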
@@ -18,7 +23,47 @@ Or install it yourself as:
## Usage
-TODO: Write usage instructions here
+```ruby
+ class Person < ActiveRecord::Base
+ belongs_to :account
+
+ # attributes mass-assignable as role default
+ attr_accessible :email
+
+ # the admin-role can access all...
+ sudo_attr_accessible_as :admin
+
+ # ...even attributes defined later on
+ attr_accessor :current_step
+ end
+
+ p1 = Person.new(:email => 'person1@example.org', :active => true)
+ p1.email # => 'person1@example.org'
+ p1.active # => nil
+ p2 = Person.new({:email => 'person1@example.org', :active => true,
+ :account => Account.first, :current_step => 1},
+ :as => :admin)
+ p2.email # => 'person1@example.org'
+ p2.active # => true
+ p2.current_step # => 2
+ p2.account # => <Account ...>
+```
+
+Alternatively the default-role is passed to sudo_attr_accessible_as and
+another role is used for attr_accessible. This is more convenient when
+working in the console for example (no ':as => :role' is needed) though
+is less secure of course.
+
+Enabling this behaviour by default for all subclasses of AR:
+
+```ruby
+ class ActiveRecord::Base
+ def self.inherited(child_class)
+ child_class.class_eval{ sudo_attr_accessible_as :default }
+ super
+ end
+ end
+```
## Contributing
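Review bot: the expected value in `p2.current_step # => 2` does not match the assignment `:current_step => 1` a few lines above; it should read `# => 1`. The spec changed in this same commit adds `include SudoAttrAccessibility` to `Person` before calling `sudo_attr_accessible_as`, but the README example omits the include; either show it or say why it is not needed. For the `ActiveRecord::Base.inherited` snippet, which makes every model fully mass-assignable under the default role, the text already calls it less secure; a sentence recommending that this be enabled only in development and test environments, not in production, would make the trade-off explicit.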
@@ -14,13 +14,18 @@
end
class Person < ActiveRecord::Base
+ include SudoAttrAccessibility
+
attr_accessible :name
sudo_attr_accessible_as :admin
end
describe SudoAttrAccessibility do
- it "should work" do
+ it "let's admin assign protected attributes" do
p1 = Person.new(:age => 12)
p1.age.should be_nil
+
+ p2 = Person.new({:age => 12}, :as => :admin)
+ p2.age.should == 12
end
end
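Review bot: the example description on the `it` line should read `"lets admin assign protected attributes"` ("lets" is the verb; "let's" is "let us"). The new assertion only checks the protected attribute; adding `p2.name` to the admin case would also confirm that the default-accessible attribute remains assignable under `:as => :admin`.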
