Secures ActiveRecord mass assignment by default
Ruby

Mass assignment guard

Disables mass assignment by default, so developers must explicitly declare which attributes can be mass assigned.

Installation

Add this to your Gemfile:

gem 'mass_assignment_guard'

Then run bundle install.

Usage

Mass assignment is now disabled by default.

Enable attributes with attr_accessible, for example:

class User < ActiveRecord::Base
  # Only these attributes may be set through mass assignment
  attr_accessible :email, :password
end

Or allow mass assignment for all attributes like this:

class TrustedObject < ActiveRecord::Base
  # Every attribute may be set through mass assignment
  attr_accessible :all
end

You can also enable mass assigning all attributes in a controller like this:

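class Admin::UsersController < ApplicationController
  def update
    # @user is assumed to be loaded earlier (e.g. in a before filter)
    # Lift the guard for this one instance only
    @user.accessible = :all
    @user.update_attributes!(params[:user])
    redirect_to([:admin, @user], :notice => "Updated!")
  end
end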

... or:

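class Admin::UsersController < ApplicationController
  def create
    begin
      # Lift the guard for the whole User class while the record is built
      User.accessible = :all
      @user = User.new(params[:user])
      @user.save!
      redirect_to([:admin, @user], :notice => "Created!")
    ensure
      # Always restore the guard, even if save! raises
      User.accessible = nil
    end
  end
end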

Testing

To run the tests:

$ rspec