
Merge pull request #7719 from frodsan/strong_params_docs_part_two

Strong Parameters documentation
2 parents 3034489 + 356eed9 commit 6e3532d5e496d611da21f7a5bf67a7d7410400df @rafaelfranca rafaelfranca committed Sep 20, 2012
14 actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -271,20 +271,22 @@ def each_element(object)
# == Strong Parameters
#
- # It provides an interface for proctecting attributes from end-user
- # assignment. This makes Action Controller parameters are forbidden
- # to be used in Active Model mass assignmets until they have been
+ # It provides an interface for protecting attributes from end-user
+ # assignment. This makes Action Controller parameters forbidden
+ # to be used in Active Model mass assignment until they have been
# whitelisted.
#
# In addition, parameters can be marked as required and flow through a
# predefined raise/rescue flow to end up as a 400 Bad Request with no
# effort.
#
# class PeopleController < ActionController::Base
- # # This will raise an ActiveModel::ForbiddenAttributes exception because
- # # it's using mass assignment without an explicit permit step.
+ # # Using "Person.create(params[:person])" would raise an
+ # # ActiveModel::ForbiddenAttributes exception because it'd
+ # # be using mass assignment without an explicit permit step.
+ # # This is the recommended form:
# def create
- # Person.create(params[:person])
+ # Person.create(person_params)
# end
#
# # This will pass with flying colors as long as there's a person key in the
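Review bot: The rewritten comment above `def create` still names the exception as `ActiveModel::ForbiddenAttributes`, while the class documented in forbidden_attributes_protection.rb in this same commit is `ActiveModel::ForbiddenAttributesError`; use the full class name so readers can search for it and rescue it. The example now calls `person_params`, which is not defined in the lines visible here; if the rest of the example does not define it, add the method with its explicit permit step so the "recommended form" is complete.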
4 activemodel/lib/active_model/deprecated_mass_assignment_security.rb
@@ -1,8 +1,8 @@
module ActiveModel
- module DeprecatedMassAssignmentSecurity
+ module DeprecatedMassAssignmentSecurity # :nodoc:
extend ActiveSupport::Concern
- module ClassMethods
+ module ClassMethods # :nodoc:
def attr_protected(*args)
raise "`attr_protected` is extracted out of Rails into a gem. " \
"Please use new recommended protection model for params " \
27 activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -1,14 +1,27 @@
module ActiveModel
+ # Raised when forbidden attributes are used for mass assignment.
+ #
+ # class Person < ActiveRecord::Base
+ # end
+ #
+ # params = ActionController::Parameters.new(name: 'Bob')
+ # Person.new(params)
+ # # => ActiveModel::ForbiddenAttributesError
+ #
+ # params.permit!
+ # Person.new(params)
+ # # => #<Person id: nil, name: "Bob">
class ForbiddenAttributesError < StandardError
end
- module ForbiddenAttributesProtection
- def sanitize_for_mass_assignment(attributes, options = {})
- if attributes.respond_to?(:permitted?) && !attributes.permitted?
- raise ActiveModel::ForbiddenAttributesError
- else
- attributes
+ module ForbiddenAttributesProtection # :nodoc:
+ protected
+ def sanitize_for_mass_assignment(attributes, options = {})
+ if attributes.respond_to?(:permitted?) && !attributes.permitted?
+ raise ActiveModel::ForbiddenAttributesError
+ else
+ attributes
+ end
end
- end
end
end
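Review bot: The added `protected` line above `sanitize_for_mass_assignment` changes the method from public to protected, which is a behaviour change inside a commit described as documentation; any code calling it with an explicit receiver from outside the including class would now fail, so split it into its own commit or state it in the commit message. In the new `ForbiddenAttributesError` example, `# => ActiveModel::ForbiddenAttributesError` reads as a return value, and `# => raises ActiveModel::ForbiddenAttributesError` would be clearer. The example also shows only `params.permit!`, which marks every key as permitted; using `params.permit(:name)` would model the narrower whitelist the exception exists to enforce.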
