Increased newbie friendliness #14

Closed
wants to merge 2 commits into from

4 participants

Johannes Barre Pierre Merlin David Heinemeier Hansson Steve Klabnik
Johannes Barre

I added an exception message for ActiveModel::ForbiddenAttributes and made the README simpler to understand.

Johannes Barre

Sorry for the white space changes, Rubymine did this.

Pierre Merlin

It's useful for me.

David Heinemeier Hansson
Owner
dhh commented

Please make this compatible with master and I'll apply.

Steve Klabnik
Collaborator

@iGEL it's been three months since we've heard from you. If you're interested in getting this in, please rebase and I'll re-open. Thanks.

Commits on Mar 29, 2012
  1. Johannes Barre

    Exception message added

    iGEL authored
  2. Johannes Barre
Showing with 11 additions and 8 deletions.
  1. +10 −7 README.rdoc
  2. +1 −1  lib/active_model/forbidden_attributes_protection.rb
17 README.rdoc
@@ -10,20 +10,23 @@ In addition, parameters can be marked as required and flow through a predefined
def create
Person.create(params[:person])
end
-
+
# This will pass with flying colors as long as there's a person key in the parameters, otherwise
- # it'll raise a ActionController::MissingParameter exception, which will get caught by
+ # it'll raise a ActionController::MissingParameter exception, which will get caught by
# ActionController::Base and turned into that 400 Bad Request reply.
def update
- redirect_to current_account.people.find(params[:id]).tap do |person|
- person.update_attributes!(person_params)
- end
+ person = Person.find(params[:id])
+ person.update_attributes!(person_params)
+ redirect_to person
end
-
+
private
# Using a private method to encapsulate the permissible parameters is just a good pattern
# since you'll be able to reuse the same permit list between create and update. Also, you
# can specialize this method with per-user checking of permissible attributes.
+ #
+ # permit will return a copy of the params, marked as safe for mass assignment and just
+ # containing the permitted params. Everything else will be removed.
def person_params
params.require(:person).permit(:name, :age)
end
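Review bot: In the `update` example, replacing `current_account.people.find(params[:id])` with `Person.find(params[:id])` drops the account scoping, so the README now shows a lookup that loads any person by id regardless of which account is signed in. README code gets copied as-is, and the permit list only restricts which attributes are assigned, not which record is updated. Suggest keeping the scoped finder while still un-nesting the `tap`, i.e. `person = current_account.people.find(params[:id])`. The blank-line -/+ pairs in this hunk are whitespace-only and could be dropped from the patch.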
@@ -41,4 +44,4 @@ Thanks to Nick Kallen for the permit idea!
== Compatibility
-Due to a testing issue, this plugin is only fully compatible with rails/3-2-stable rev 275ee0dc7b and forward as well as rails/master rev b49a7ddce1 and forward.
+Due to a testing issue, this plugin is only fully compatible with rails/3-2-stable rev 275ee0dc7b and forward as well as rails/master rev b49a7ddce1 and forward.
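Review bot: The removed and added Compatibility lines read identically, so this hunk is a whitespace-only change unrelated to the exception message or the README rewording. Suggest reverting it so the patch stays minimal and rebases cleanly against master.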
2  lib/active_model/forbidden_attributes_protection.rb
@@ -7,7 +7,7 @@ def sanitize_for_mass_assignment(new_attributes, options = {})
if !new_attributes.respond_to?(:permitted?) || (new_attributes.respond_to?(:permitted?) && new_attributes.permitted?)
super
else
- raise ActiveModel::ForbiddenAttributes
+ raise ActiveModel::ForbiddenAttributes, "Forbidden mass assignment of unfiltered parameters to #{self.class}"
end
end
end
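Review bot: The message on the new `raise` line does not tell the reader how to fix the error, which is the point of a newcomer-friendly message; it only names the model via `#{self.class}`. Suggest ending it with the remedy, for example a pointer to calling `params.require(...).permit(...)` in the controller before assignment. The changed-files summary lists only README.rdoc and this file, so nothing tests the message text; an assertion on it in the existing tests would keep it from regressing.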