I added attribute protection to couchrest, along the lines of
activerecord's. The difference is you declare it on each property,
having a separate macro would be redundant, I thought.
It protects from mass assignment from new, update_attributes
(_without_saving), and attributes=
There are two modes of protection
1) Declare accessible properties, assume all the rest are protected
property :name, :accessible => true
property :admin # this will be automatically
protected
2) Declare protected properties, assume all the rest are accessible
property :name # this will not be protected
property :admin, :protected => true
I squished everything down to a single commit that has what's current
on matetti/master as the parent:
http://github.com/will/couchrest/commit/a6a76d8db85d38e68afc4c2a9d33f7f3d81c1410
Or all of the individual commits are at
http://github.com/will/couchrest/commits/attribute_protection,
though I think the a6a76d all-as-one commit would be easer to work
with.
I left all of the other behavior the same. I think there's some odd
things going on with initialize vs. update_attribute (initialize will
let you add fields that aren't properties, but update_attribute throws
an error), so I just left it the way it was. Also I think the removal
of _id _rev, and the time stamps could be moved into this protection
mixin, however I think we'd then need an internal initializer that
skips checking for use of class methods like get and the like.