From e63f04cc0c7d517010f1d6840680b46e69dc75a9 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
Date: Tue, 6 Mar 2012 09:12:29 -0300
Subject: [PATCH] Improve docs for attr_accessible|protected related to
 Hash#except|slice

---
 .../active_model/mass_assignment_security.rb   | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb
index e1fb1e323109d..f0041f5feecb1 100644
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ b/activemodel/lib/active_model/mass_assignment_security.rb
@@ -83,7 +83,7 @@ module ClassMethods
       #     end
       #   end
       #
-      # When using the :default role :
+      # When using the :default role:
       #
       #   customer = Customer.new
       #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
@@ -94,7 +94,7 @@ module ClassMethods
       #   customer.credit_rating = "Average"
       #   customer.credit_rating # => "Average"
       #
-      # And using the :admin role :
+      # And using the :admin role:
       #
       #   customer = Customer.new
       #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
@@ -105,8 +105,9 @@ module ClassMethods
       # To start from an all-closed default and enable attributes as needed,
       # have a look at +attr_accessible+.
       #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +attr_protected+
-      # to sanitize attributes won't provide sufficient protection.
+      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
+      # +attr_protected+ to sanitize attributes provides basically the same
+      # functionality, but it makes a bit tricky to deal with nested attributes.
       def attr_protected(*args)
         options = args.extract_options!
         role = options[:as] || :default
@@ -150,7 +151,7 @@ def attr_protected(*args)
       #     end
       #   end
       #
-      # When using the :default role :
+      # When using the :default role:
       #
       #   customer = Customer.new
       #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
@@ -160,15 +161,16 @@ def attr_protected(*args)
       #   customer.credit_rating = "Average"
       #   customer.credit_rating # => "Average"
       #
-      # And using the :admin role :
+      # And using the :admin role:
       #
       #   customer = Customer.new
       #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
       #   customer.name          # => "David"
       #   customer.credit_rating # => "Excellent"
       #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +attr_accessible+
-      # to sanitize attributes won't provide sufficient protection.
+      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
+      # +attr_accessible+ to sanitize attributes provides basically the same
+      # functionality, but it makes a bit tricky to deal with nested attributes.
       def attr_accessible(*args)
         options = args.extract_options!
         role = options[:as] || :default