Module: Merb::ParamsFilter::RequestMixin

Defined in:

lib/merb-param-protection.rb

Instance Attribute Summary

• #trashed_params ⇒ Object

  Returns the value of attribute trashed_params.

Instance Method Summary

• #remove_params_from_object(obj, attrs = []) ⇒ Object

  Removes specified parameters of an object.

• #restrict_params(obj, attrs = []) ⇒ Object

  Restricts parameters of an object.

Instance Attribute Details

#trashed_params ⇒ Object

Returns the value of attribute trashed_params.

# File 'lib/merb-param-protection.rb', line 131

def trashed_params
  @trashed_params
end

Instance Method Details

#remove_params_from_object(obj, attrs = []) ⇒ Object

Removes specified parameters of an object

Parameters

obj<Symbol>

Params key

attrs<Array>

Attributes to restrict

Example

remove_params_from_object(:post, [:status, :author_id])

:api: plugin

# File 'lib/merb-param-protection.rb', line 143

def remove_params_from_object(obj, attrs = [])
  unless params[obj].nil?
    filtered = params
    attrs.each {|a| filtered[obj].delete(a)}
    @params = filtered
  end
end

#restrict_params(obj, attrs = []) ⇒ Object

Restricts parameters of an object

Parameters

obj<Symbol>

Params key

attrs<Array>

Attributes to restrict

Example

restrict_params(:post, [:title, :body])

:api: plugin

# File 'lib/merb-param-protection.rb', line 161

def restrict_params(obj, attrs = [])
  # Make sure the params for the object exists
  unless params[obj].nil?
    attrs = attrs.collect {|a| a.to_s}
    trashed_params_keys = params[obj].keys - attrs

    # Store a hash of the key/value pairs we are going
    # to remove in case we need them later.  Lighthouse Bug # 105
    @trashed_params = {}
    trashed_params_keys.each do |key|
      @trashed_params.merge!({key => params[obj][key]})
    end

    remove_params_from_object(obj, trashed_params_keys)
  end
end