
Enhance explanation with more examples for attr_accessible macro. Closes #8095 [fearoffish, Marcel Molina]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8107 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
commit f770b829f4b363888b1af4bc7059bc45637a7ba2 1 parent 9450262
authored November 06, 2007
2  activerecord/CHANGELOG
... ...
@@ -1,5 +1,7 @@
1 1
 *SVN*
2 2
 
  3
+* Enhance explanation with more examples for attr_accessible macro. Closes #8095 [fearoffish, Marcel Molina]
  4
+
3 5
 * Update association/method mapping table to refected latest collection methods for has_many :through. Closes #8772 [lifofifo]
4 6
 
5 7
 * Explain semantics of having several different AR instances in a transaction block. Closes #9036 [jacobat, Marcel Molina]
31  activerecord/lib/active_record/base.rb
@@ -645,24 +645,31 @@ def protected_attributes # :nodoc:
645 645
         read_inheritable_attribute("attr_protected")
646 646
       end
647 647
 
648  
-      # If this macro is used, only those attributes named in it will be accessible for mass-assignment, such as
649  
-      # <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>. This is the more conservative choice for mass-assignment
650  
-      # protection.
  648
+      # Similar to the attr_protected macro, this protects attributes of your model from mass-assignment, 
  649
+      # such as <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>
  650
+      # however, it does it in the opposite way.  This locks all attributes and only allows access to the 
  651
+      # attributes specified.  Assignment to attributes not in this list will be ignored and need to be set 
  652
+      # using the direct writer methods instead.  This is meant to protect sensitive attributes from being 
  653
+      # overwritten by URL/form hackers. If you'd rather start from an all-open default and restrict 
  654
+      # attributes as needed, have a look at attr_protected.
  655
+      # 
  656
+      # ==== Options
651 657
       #
652  
-      # Example:
  658
+      # <tt>*attributes</tt>   A comma separated list of symbols that represent columns _not_ to be protected
  659
+      #
  660
+      # ==== Examples
653 661
       #
654 662
       #   class Customer < ActiveRecord::Base
655  
-      #     attr_accessible :phone, :email
  663
+      #     attr_accessible :name, :nickname
656 664
       #   end
657 665
       #
658  
-      # Passing an empty argument list protects all attributes:
659  
-      #
660  
-      #   class Product < ActiveRecord::Base
661  
-      #     attr_accessible # none
662  
-      #   end
  666
+      #   customer = Customer.new(:name => "David", :nickname => "Dave", :credit_rating => "Excellent")
  667
+      #   customer.credit_rating # => nil
  668
+      #   customer.attributes = { :name => "Jolly fellow", :credit_rating => "Superb" }
  669
+      #   customer.credit_rating # => nil
663 670
       #
664  
-      # If you'd rather start from an all-open default and restrict attributes as needed, have a look at
665  
-      # attr_protected.
  671
+      #   customer.credit_rating = "Average"
  672
+      #   customer.credit_rating # => "Average"
666 673
       def attr_accessible(*attributes)
667 674
         write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))
668 675
       end
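
Review bot: The rewritten doc comment drops two pieces of guidance from the old text: the statement at old lines 648-650 that this is "the more conservative choice for mass-assignment protection", and the old 658-662 example showing that `attr_accessible # none` with an empty argument list protects all attributes. A reader choosing between attr_accessible and attr_protected no longer sees that the allow-list form is the safer default or how to lock every attribute, so I would keep both alongside the new examples. The sentence spanning new lines 649-650 also runs together ("... <tt>attributes=(attributes)</tt>" followed directly by "however, it does it in the opposite way") and needs punctuation or a split into two sentences. New line 651 says that assignment to unlisted attributes "will be ignored"; the examples at 666-669 show credit_rating staying nil, so it would help to say in the prose that the value is dropped silently, since that is the behaviour callers will have to debug. "URL/form hackers" at new line 653 could be stated more precisely as attacker-controlled request parameters.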
