class method
self.attr_protected
Ruby on Rails 2.3.18
Since v2.2.3 Last seen in v2.3.18Available in: v2.2.3 v2.3.18
Signature
self.attr_protected(*attributes)Attributes named in this macro are protected from mass-assignment, such as new(attributes), update_attributes(attributes), or attributes=(attributes).
Mass-assignment to these attributes will simply be ignored, to assign to them you can use direct writer methods. This is meant to protect sensitive attributes from being overwritten by malicious users tampering with URLs or forms.
class Customer < ActiveRecord::Base attr_protected :credit_rating end customer = Customer.new("name" => David, "credit_rating" => "Excellent") customer.credit_rating # => nil customer.attributes = { "description" => "Jolly fellow", "credit_rating" => "Superb" } customer.credit_rating # => nil customer.credit_rating = "Average" customer.credit_rating # => "Average"
To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.
Parameters
-
attributesrest
Source
# File activerecord/lib/active_record/base.rb, line 1052
def attr_protected(*attributes)
write_inheritable_attribute(:attr_protected, Set.new(attributes.map(&:to_s)) + (protected_attributes || []))
end
Defined in activerecord/lib/active_record/base.rb line 1052
· View on GitHub
· Improve this page
· Find usages on GitHub
Defined in ActiveRecord::Base