Module: Merb::ParamsFilter::ControllerMixin::ClassMethods

Defined in:
lib/merb-param-protection.rb

Instance Method Details

#log_params_filtered(*args) ⇒ Object

Filters parameters out from the default log string

Params will still be passed to the controller properly; they will only show up as [FILTERED] in the Merb logs.

Parameters

args

Params that will be filtered

Example

log_params_filtered :password, 'token'

:api: public



# File 'lib/merb-param-protection.rb', line 77

def log_params_filtered(*args)
  self.log_params_args ||= []
  self.log_params_args += args.collect { |arg| arg.to_s }
end

#params_accessible(args = {}) ⇒ Object

Ensures that only these parameters are sent for the object

Parameters

args

Params that will be let through (all others are filtered out)

Example

# The request sets:
params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

class MyController < Application
  params_accessible :post => [:title, :body]
end

params.inspect # => { :post => { :title => "ello", :body => "Want it" } }

So we see that params_accessible removes everything except what is explicitly specified.

:api: public



# File 'lib/merb-param-protection.rb', line 39

def params_accessible(args = {})
  assign_filtered_params(:accessible_params_args, args)
end

#params_protected(args = {}) ⇒ Object

Protects parameters of an object

Parameters

args

Params that will be filtered

Example

# The request sets:
params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

class MyController < Application
  params_protected :post => [:status, :author_id]
end

params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }

So we see that params_protected removes ONLY those parameters explicitly specified.

:api: public



# File 'lib/merb-param-protection.rb', line 61

def params_protected(args = {})
  assign_filtered_params(:protected_params_args, args)
end
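
The two examples above differ in what happens to an attribute nobody listed (:rank): params_accessible drops it, params_protected lets it through. The following plain-Ruby model is an added example, not merb-param-protection's own code; keep_only, drop_listed and mask_for_log are hypothetical helpers, and masking of nested keys and pass-through of objects without a rule are assumptions of the model.

```ruby
# Added illustration: plain-Ruby model of allowlist vs denylist param filtering.
# keep_only, drop_listed and mask_for_log are hypothetical helpers, not Merb API.

# Allowlist (params_accessible semantics): keep only the listed keys per object.
def keep_only(params, rules)
  params.each_with_object({}) do |(obj, attrs), out|
    allowed = rules[obj]
    # Assumption: objects with no rule pass through untouched.
    out[obj] = allowed ? attrs.select { |k, _| allowed.include?(k) } : attrs
  end
end

# Denylist (params_protected semantics): drop only the listed keys per object.
def drop_listed(params, rules)
  params.each_with_object({}) do |(obj, attrs), out|
    denied = rules[obj] || []
    out[obj] = attrs.reject { |k, _| denied.include?(k) }
  end
end

# Log masking (log_params_filtered semantics): names are compared as strings,
# so :password and 'password' both match. Assumption: nested hashes are masked too.
def mask_for_log(params, names)
  names = names.map(&:to_s)
  params.each_with_object({}) do |(k, v), out|
    out[k] = if v.is_a?(Hash) then mask_for_log(v, names)
             elsif names.include?(k.to_s) then "[FILTERED]"
             else v
             end
  end
end

# Constructed request, taken from the page's sample params.
REQUEST = {
  :post => { :title => "ello", :body => "Want it", :status => "green",
             :author_id => 3, :rank => 4 }
}

ALLOWED  = keep_only(REQUEST, :post => [:title, :body])
DENIED   = drop_listed(REQUEST, :post => [:status, :author_id])
# Attributes only the denylist lets through: the ones nobody thought to list.
UNLISTED = DENIED[:post].keys - ALLOWED[:post].keys

if __FILE__ == $0
  p ALLOWED[:post], DENIED[:post], UNLISTED
  p mask_for_log(REQUEST.merge(:password => "s3cret"), [:password, 'token'])
end
```

An attribute added to the model later behaves like :rank here: it reaches the controller under the denylist until someone remembers to protect it, while the allowlist rejects it by default.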