
Mass assignment guard

Disables mass assignment by default, so developers must explicitly declare which attributes can be mass assigned.

Installation

Add this to your Gemfile:

gem 'mass_assignment_guard'

Then run bundle install.

Usage

Mass assignment is now disabled by default.

Enable attributes with attr_accessible, for example:

class User < ActiveRecord::Base
  attr_accessible :email, :password
end

Or allow mass assignment for all attributes like this:

class TrustedObject < ActiveRecord::Base
  attr_accessible :all
end

You can also enable mass assigning all attributes in a controller like this:

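class Admin::UsersController < ApplicationController
  def update
    # @user is assumed to have been loaded already (e.g. in a before filter)
    @user.accessible = :all   # lift the guard for this instance only
    @user.update_attributes!(params[:user])
    redirect_to([:admin, @user], :notice => "Updated!")
  end
end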

... or:

class Admin::UsersController < ApplicationController
  def create
    begin
      User.accessible = :all   # lift the guard at class level
      @user = User.new(params[:user])
      @user.save!
      redirect_to([:admin, @user], :notice => "Created!")
    ensure
      User.accessible = nil    # always restore the guard, even if save! raises
    end
  end
end
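
To make the filtering rule concrete, here is an added example (not the gem's own code): a plain-Ruby stand-in, built around the hypothetical class GuardedModel, that applies the same deny-by-default rule to constructed request parameters. It assumes non-permitted keys are dropped and recorded rather than raising an error.

```ruby
# Hypothetical stand-in for the behaviour described above; not the gem's code.
class GuardedModel
  class << self
    attr_accessor :accessible            # class-wide override, e.g. :all
    def attr_accessible(*names)
      @whitelist = names.map(&:to_sym)
    end
    def whitelist
      @whitelist || []                   # nothing declared => nothing assignable
    end
  end

  attr_accessor :accessible              # per-instance override, e.g. :all
  attr_reader :attributes, :rejected

  def initialize(params = {})
    @attributes = {}
    @rejected = []
    assign(params)
  end

  # Copy only permitted keys; record the rest so they can be logged or alerted on.
  def assign(params)
    params.each do |key, value|
      key = key.to_sym
      if permitted?(key)
        @attributes[key] = value
      else
        @rejected << key
      end
    end
    self
  end

  private

  def permitted?(key)
    return true if accessible == :all || self.class.accessible == :all
    list = self.class.whitelist
    list == [:all] || list.include?(key)
  end
end

class User < GuardedModel
  attr_accessible :email, :password
end

# Constructed request parameters: the client added an :admin key to the form.
PARAMS = { "email" => "a@example.com", "password" => "s3cret", "admin" => true }.freeze
```

User.new(PARAMS).attributes keeps only :email and :password, and rejected lists :admin. Setting accessible = :all on the instance or the class lets :admin through, which is why the controller examples above confine it to admin actions and reset the class-level flag in ensure.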

Testing

To run the tests:

$ rspec