Permalink
Browse files

Revert "dont encourage AC::Parameters#permit_all_parameters usage [ci…

… skip]"

This reverts commit cd17ee5.

Reason: Let's note that this is discouraged, not remove the docs

[ci skip]
  • Loading branch information...
1 parent 2c4faaa commit 8ffb0dacf98ce616dd8b1a9513d69983251a69de @vijaydev vijaydev committed Nov 2, 2012
Showing with 21 additions and 1 deletion.
  1. +21 −1 actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -43,6 +43,19 @@ def initialize(param) # :nodoc:
# Person.first.update_attributes!(permitted)
# # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
#
+ # It provides a +permit_all_parameters+ option that controls the top-level
+ # behaviour of new instances. If it's +true+, all the parameters will be
+ # permitted by default. The default value for +permit_all_parameters+
+ # option is +false+.
+ #
+ # params = ActionController::Parameters.new
+ # params.permitted? # => false
+ #
+ # ActionController::Parameters.permit_all_parameters = true
+ #
+ # params = ActionController::Parameters.new
+ # params.permitted? # => true
+ #
# <tt>ActionController::Parameters</tt> is inherited from
# <tt>ActiveSupport::HashWithIndifferentAccess</tt>, this means
# that you can fetch values using either <tt>:key</tt> or <tt>"key"</tt>.
@@ -55,7 +68,8 @@ class Parameters < ActiveSupport::HashWithIndifferentAccess
attr_accessor :permitted # :nodoc:
# Returns a new instance of <tt>ActionController::Parameters</tt>.
- # Also, sets the +permitted+ attribute to +false+.
+ # Also, sets the +permitted+ attribute to the default value of
+ # <tt>ActionController::Parameters.permit_all_parameters</tt>.
#
# class Person
# include ActiveRecord::Base
@@ -64,6 +78,12 @@ class Parameters < ActiveSupport::HashWithIndifferentAccess
# params = ActionController::Parameters.new(name: 'Francesco')
# params.permitted? # => false
# Person.new(params) # => ActiveModel::ForbiddenAttributesError
+ #
+ # ActionController::Parameters.permit_all_parameters = true
+ #
+ # params = ActionController::Parameters.new(name: 'Francesco')
+ # params.permitted? # => true
+ # Person.new(params) # => #<Person id: nil, name: "Francesco">
def initialize(attributes = nil)
super(attributes)
@permitted = self.class.permit_all_parameters

0 comments on commit 8ffb0da

Please sign in to comment.