specify a role for identifying accessible attributes when wrapping params #4445

Merged
merged 1 commit into from May 4, 2012

3 participants

@nragaz

This is an addition to #3900

In addition to using attr_accessible to identify which params to wrap, this also allows you to specify a role using an :as option on wrap_parameters. Then the wrapped params will only be those accessible to that role.

@josevalim
Ruby on Rails member

Thanks, but this won't work properly know because in the case the user doesn't pass :as, it will be set to nil and it won't work as expected:

https://github.com/rails/rails/blob/master/activemodel/lib/active_model/mass_assignment_security.rb

The default for :as needs to be :default.

@nragaz
@josevalim
Ruby on Rails member
@nragaz
@isaacsanders

Is this still an issue?

@nragaz
@isaacsanders

Is it worth keeping the issue open for rails?

@nragaz
@josevalim
Ruby on Rails member

Yes, this needs to be fixed. Could you please rebase your pull request, then push --force it to the same branch and ping me again? Thanks.

@nragaz

@josevalim -- would be happy to, but I don't understand how you want me to rebase it. I never use rebasing and don't want to screw it up. Could you clarify?

@isaacsanders

Rebasing: git rebase <branch-name>

@nragaz nragaz Add a role option to wrap_parameters.
The role option identifies which parameters are accessible and should be wrapped. The default role is :default.
bfb25f9
@nragaz

@josevalim -- rebased. Thanks!

@josevalim josevalim merged commit efb054b into rails:3-2-stable May 4, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment