jonleighton/restrict_params

Status

Use param_protected instead, it’s better.

Restrict Params

Restrict Params is a Rails plugin which enables you to specify a finite set of keys
which can appear in the parameters being passed to an action.

Why?

If you use a RESTful architecture, you use the create and update actions to modify
resources. Depending on the access privileges of the application, you might want to,
for example, allow admins to modify all attributes of a Company model, but only allow
general users to modify the “notes” attribute.

Example

class CompaniesController < ApplicationController
  restrict_params :to => [:notes], :only => :update, :if => "!current_user.admin?"
end

The plugin will look at the class name of your controller and figure out that we need
to inspect params[:company]. If current_user.admin? is false, it will delete all items
from params[:company] except :notes.
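
The filtering described above can be modelled in plain Ruby. This is an added example, not the plugin's source: resource_key, restrict_params! and sample_params are hypothetical names, the singularization is a simplified stand-in for Rails' inflector, and the request data is constructed.

```ruby
# Added illustration: a plain-Ruby model of the allow-list filtering
# described above. Not the plugin's code; all names are hypothetical.

# Derive the params key from the controller class name,
# e.g. "CompaniesController" -> "company". The singularization is a
# simplified stand-in for Rails' inflector (assumption).
def resource_key(controller_name)
  plural = controller_name.sub(/Controller\z/, "")
  snake = plural.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  case snake
  when /ies\z/ then snake.sub(/ies\z/, "y")
  when /s\z/   then snake.sub(/s\z/, "")
  else snake
  end
end

# When `restricted` is true, delete every key of params[resource] that is
# not in `allowed`. Returns the removed keys so the caller can log them.
def restrict_params!(params, controller_name, allowed, restricted)
  return [] unless restricted
  resource = params[resource_key(controller_name)]
  return [] unless resource.is_a?(Hash) # nothing submitted for this resource
  allowed = allowed.map(&:to_s)         # request keys arrive as strings
  removed = resource.keys.reject { |k| allowed.include?(k.to_s) }
  removed.each { |k| resource.delete(k) }
  removed
end

# Constructed sample request: an update that touches more than "notes".
def sample_params
  { "id" => "7",
    "company" => { "notes" => "called on Monday",
                   "name" => "Renamed Ltd",
                   "credit_limit" => "1000000" } }
end

general = sample_params
dropped = restrict_params!(general, "CompaniesController", [:notes], true)
puts "general user: #{general['company'].inspect} (dropped #{dropped.inspect})"

admin = sample_params
restrict_params!(admin, "CompaniesController", [:notes], false)
puts "admin: #{admin['company'].inspect}"
```

Because the filter is an allow-list, an attribute added to the model later stays unwritable for general users until it is explicitly listed.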

See also

There is a similar merb plugin called
merb_param_protection.

About

Restrict the params which we allow to get through to the action
