Increased newbie friendliness #14

Closed
wants to merge 2 commits into from

4 participants

@iGEL

I added an exception message for ActiveModel::ForbiddenAttributes and made the README simpler to understand.

@iGEL

Sorry for the white space changes, Rubymine did this.

@pimpin

It's useful for me.

@dhh
Owner
dhh commented

Please make this compatible with master and I'll apply.

@steveklabnik
Collaborator

@iGEL it's been three months since we've heard from you. If you're interested in getting this in, please rebase and I'll re-open. Thanks.

Commits on Mar 29, 2012
  1. @iGEL

    Exception message added

    iGEL authored
  2. @iGEL
Showing with 11 additions and 8 deletions.
  1. +10 −7 README.rdoc
  2. +1 −1  lib/active_model/forbidden_attributes_protection.rb
17 README.rdoc
@@ -10,20 +10,23 @@ In addition, parameters can be marked as required and flow through a predefined
def create
Person.create(params[:person])
end
-
+
# This will pass with flying colors as long as there's a person key in the parameters, otherwise
- # it'll raise a ActionController::MissingParameter exception, which will get caught by
+ # it'll raise a ActionController::MissingParameter exception, which will get caught by
# ActionController::Base and turned into that 400 Bad Request reply.
def update
- redirect_to current_account.people.find(params[:id]).tap do |person|
- person.update_attributes!(person_params)
- end
+ person = Person.find(params[:id])
+ person.update_attributes!(person_params)
+ redirect_to person
end
-
+
private
# Using a private method to encapsulate the permissible parameters is just a good pattern
# since you'll be able to reuse the same permit list between create and update. Also, you
# can specialize this method with per-user checking of permissible attributes.
+ #
+ # permit will return a copy of the params, marked as safe for mass assignment and just
+ # containing the permitted params. Everything else will be removed.
def person_params
params.require(:person).permit(:name, :age)
end
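Review bot: In the `update` example, replacing `current_account.people.find(params[:id])` with `Person.find(params[:id])` drops the account scoping, so the README now demonstrates loading a record by a client-supplied id with no ownership check. Unrolling the `tap` block is a reasonable readability change, but keep the scoped lookup, for example `person = current_account.people.find(params[:id])`, so the sample does not teach an unscoped find next to the mass-assignment guidance.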
@@ -41,4 +44,4 @@ Thanks to Nick Kallen for the permit idea!
== Compatibility
-Due to a testing issue, this plugin is only fully compatible with rails/3-2-stable rev 275ee0dc7b and forward as well as rails/master rev b49a7ddce1 and forward.
+Due to a testing issue, this plugin is only fully compatible with rails/3-2-stable rev 275ee0dc7b and forward as well as rails/master rev b49a7ddce1 and forward.
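Review bot: The removed and added Compatibility lines read the same, so this hunk is a whitespace-only change; please drop it so the patch carries only the README rewording and the exception message. The same applies to the blank-line and comment-line pairs in the first README.rdoc hunk that differ only in whitespace.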
2  lib/active_model/forbidden_attributes_protection.rb
@@ -7,7 +7,7 @@ def sanitize_for_mass_assignment(new_attributes, options = {})
if !new_attributes.respond_to?(:permitted?) || (new_attributes.respond_to?(:permitted?) && new_attributes.permitted?)
super
else
- raise ActiveModel::ForbiddenAttributes
+ raise ActiveModel::ForbiddenAttributes, "Forbidden mass assignment of unfiltered parameters to #{self.class}"
end
end
end
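Review bot: The message on the new `raise` line calls the parameters "unfiltered" but does not say how to fix that; since the goal is newcomer friendliness, name the remedy the README teaches, for example by ending the message with a hint to call `permit` on the parameters before passing them to the model. The file list shows only README.rdoc and this file changed, so a test asserting the message text would be worth adding too.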