attr_accessible

Jonathan Linowes

Mar 3, 2010, 9:41:55 PM
to mon...@googlegroups.com
Is attr_accessible implemented? In my test it seems to get ignored, and I'm concerned about someone hacking my db by submitting params that I don't expect.

I think this is a separate question, but is there a way to set allow_dynamic_fields for a specific model that overrides the global setting?

Thanks

linoj

Mar 4, 2010, 11:51:08 PM
to Mongoid
I took a stab at it and this passes my specs, at least:

module MongoidHacks
  module AttrAccessible
    extend ActiveSupport::Concern

    included do
      # List of attribute names that may be mass-assigned.
      cattr_accessor :attr_accessible_list
    end

    module ClassMethods
      def attr_accessible(*args)
        # Always store an array, whatever the number of names given.
        self.attr_accessible_list = args
      end
    end

    module InstanceMethods
      # Drop every key that is not on the list before assigning.
      def attributes=(attrs)
        super attrs.slice(*attr_accessible_list)
      end

      def update_attributes(attrs)
        super attrs.slice(*attr_accessible_list)
      end
    end
  end
end

For example,

class Page
  include Mongoid::Document
  include Mongoid::Timestamps
  include MongoidHacks::AttrAccessible
  attr_accessible :name, :title, :body
end

Durran Jordan

Mar 9, 2010, 6:29:17 PM
to mon...@googlegroups.com
It's in 1.2.9/Prerelease now.

field :password, :accessible => false

will do the trick... working on the latter request soon.
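The two protections discussed in this thread, side by side, as an added example that is not part of the original posts and is not Mongoid's own code. It is a plain-Ruby stand-in: TinyDocument, write_attributes, protected_fields, assignable and the sample parameters are constructed for illustration.

```ruby
# Plain-Ruby stand-in for a document model. TinyDocument and its methods are
# hypothetical names for this added example, not Mongoid's implementation.
class TinyDocument
  class << self
    # Allowlist, as in linoj's module: only the named fields are mass-assignable.
    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end
    # Per-field opt-out, as in Durran's reply: :accessible => false protects a field.
    def field(name, options = {})
      fields << name.to_s
      protected_fields << name.to_s if options[:accessible] == false
    end
    def fields; @fields ||= []; end
    def protected_fields; @protected_fields ||= []; end

    # The allowlist if one was declared, otherwise every declared field,
    # minus anything marked :accessible => false.
    def assignable
      (@accessible || fields) - protected_fields
    end
  end

  attr_reader :attributes
  def initialize(attrs = {})
    @attributes = {}
    write_attributes(attrs)
  end

  # Mass assignment: keys are compared as strings, so symbol and string keys
  # are filtered alike, and anything not assignable is silently dropped.
  def write_attributes(attrs)
    allowed = self.class.assignable
    (attrs || {}).each { |k, v| @attributes[k.to_s] = v if allowed.include?(k.to_s) }
  end
end

class Page < TinyDocument
  field :name; field :title; field :body; field :admin
  attr_accessible :name, :title, :body
end

class User < TinyDocument
  field :email
  field :password, :accessible => false
end

# Constructed request parameters carrying fields the form never offered.
PAGE_PARAMS = { "title" => "Home", "admin" => true, "owner_id" => 1 }
USER_PARAMS = { :email => "a@example.com", :password => "not-from-the-form" }
```

With the allowlist, a field added to the model later stays unassignable until it is named; with the per-field opt-out, a new field is assignable unless it is explicitly marked.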