API Guides

module ClassMethods

Ruby on Rails 3.1.12

Since v3.0.20 Last seen in v3.2.22.5

Available in: v3.0.20 v3.1.12 v3.2.22.5

Mass assignment security provides an interface for protecting attributes from end-user assignment. For more complex permissions, mass assignment security may be handled outside the model by extending a non-ActiveRecord class, such as a controller, with this behavior.

For example, a logged in user may need to assign additional attributes depending on their role:

class AccountsController < ApplicationController
  include ActiveModel::MassAssignmentSecurity

  attr_accessible :first_name, :last_name
  attr_accessible :first_name, :last_name, :plan_id, :as => :admin

  def update
    ...
    @account.update_attributes(account_params)
    ...
  end

  protected

  def account_params
    role = admin ? :admin : :default
    sanitize_for_mass_assignment(params[:account], role)
  end

end

Methods (defined here)

Private methods

(2) Implementation detail — not part of the public API.

Type at least 2 characters to search.

↑↓ navigate · open · esc close