Skip to content
Permalink
Browse files

attr_accessible and attr_protected raise an exception pointing to use…

… plugin or new protection model
  • Loading branch information...
guilleiguaran committed Sep 2, 2012
1 parent 91bcebb commit 9bfa13bb06d510b95f9af27bf12abf031f9af0a5
@@ -37,6 +37,7 @@ module ActiveModel
autoload :ForbiddenAttributesProtection
autoload :Lint
autoload :Model
autoload :DeprecatedMassAssignmentSecurity
autoload :Name, 'active_model/naming'
autoload :Naming
autoload :Observer, 'active_model/observing'
@@ -0,0 +1,19 @@
module ActiveModel
module DeprecatedMassAssignmentSecurity
extend ActiveSupport::Concern

module ClassMethods
def attr_protected(*args)
raise "`attr_protected` is extracted out of Rails into a gem. " \
"Please use new recommended protection model for params " \
"or add `protected_attributes` to your Gemfile to use old one."
end

def attr_accessible(*args)
raise "`attr_accessible` is extracted out of Rails into a gem. " \
"Please use new recommended protection model for params " \
"or add `protected_attributes` to your Gemfile to use old one."
end
end
end
end
@@ -0,0 +1,16 @@
require 'cases/helper'
require 'models/project'

class DeprecatedMassAssignmentSecurityTest < ActiveModel::TestCase
def test_attr_accessible_raise_error
assert_raise RuntimeError, /protected_attributes/ do
Project.attr_accessible :username
end
end

def test_attr_protected_raise_error
assert_raise RuntimeError, /protected_attributes/ do
Project.attr_protected :username
end
end
end
@@ -0,0 +1,3 @@
class Project
include ActiveModel::DeprecatedMassAssignmentSecurity
end
@@ -1,6 +1,8 @@

module ActiveRecord
module AttributeAssignment
extend ActiveSupport::Concern
include ActiveModel::DeprecatedMassAssignmentSecurity
include ActiveModel::ForbiddenAttributesProtection

# Allows you to set all the attributes at once by passing in a hash with keys

7 comments on commit 9bfa13b

@shime

This comment has been minimized.

Copy link
Contributor

replied Oct 19, 2012

@guilleiguaran why is this extracted out?

@steveklabnik

This comment has been minimized.

Copy link
Member

replied Oct 19, 2012

Mass parameters is now in core as the proper way to handle model security.

@shime

This comment has been minimized.

Copy link
Contributor

replied Oct 20, 2012

@steveklabnik cool, thanks! So it uses ActiveModel::ForbidenAttributesProtection now?

@steveklabnik

This comment has been minimized.

Copy link
Member

replied Oct 20, 2012

You can see the plugin version here: http://gihub.com/rails/strong_parameters

@shime

This comment has been minimized.

Copy link
Contributor

replied Oct 20, 2012

@robin850

This comment has been minimized.

Copy link
Member

replied Oct 20, 2012

@steveklabnik : you missed a "t" in your url. ^^ (https://github.com/rails/strong_parameters)

@steveklabnik

This comment has been minimized.

Copy link
Member

replied Oct 20, 2012

dammit. thanks

Please sign in to comment.
You can’t perform that action at this time.