module ClassMethods
Ruby on Rails 3.0.20
Since v3.0.20 Last seen in v3.2.22.5Mass assignment security provides an interface for protecting attributes from end-user assignment. For more complex permissions, mass assignment security may be handled outside the model by extending a non-ActiveRecord class, such as a controller, with this behavior.
For example, a logged in user may need to assign additional attributes depending on their role:
class AccountsController < ApplicationController
include ActiveModel::MassAssignmentSecurity
attr_accessible :first_name, :last_name
def self.admin_accessible_attributes
accessible_attributes + [ :plan_id ]
end
def update
...
@account.update_attributes(account_params)
...
end
protected
def account_params
sanitize_for_mass_assignment(params[:account])
end
def mass_assignment_authorizer
admin ? admin_accessible_attributes : super
end
end