Skip to content
Trust your params attributes
Ruby
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
example
lib
spec
.gitignore
Gemfile
Guardfile
LICENSE
README.md
Rakefile
trusted_keys.gemspec

README.md

TrustedKeys

This gem makes it possible to handlle mass assignment in the controller.
It adds two methods:

  • #trusted_attributes - returns the trusted attributes.
  • .trust - defines the trusted attributes.

Why

  • It handles complex hashes. E.g. handles hashes that complies to accepts_nested_attributes_for, even when nested on several levels. See spec for more info.

Usage

Include it in your application controller:

class ApplicationController < ActionController::Base
  include TrustedKeys
end

Define which attributes to trust in the controller:

class EventsController < ApplicationController
  trust :title, :location, :start, :stop, :description, :attendees, :repeat,
        :min_number_of_attendees, :deadline, for: :event
end

The above commands reads like this: trust the following attributes: 'title', ..., 'deadline', returned by the params[:event] hash.

Installation

Add this line to your application's Gemfile:

gem 'trusted_keys'

And then execute:

$ bundle

Or install it yourself as:

$ gem install trusted_keys

Other mass assignment controller protection gems

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
Something went wrong with that request. Please try again.