Module: Padrino::ParamsProtection::ClassMethods

Defined in:
lib/padrino-core/application/params_protection.rb


Instance Method Details

#params(*allowed_params) ⇒ Object

Implements filtering of url query params. Can prevent mass-assignment.

Examples:

post :update, :params => [:name, :email]
post :update, :params => [:name, :id => Integer]
post :update, :params => [:name => proc{ |v| v.reverse }]
post :update, :params => [:name, :parent => [:name, :position]]
post :update, :params => false
post :update, :params => true
params :name, :email, :password => proc{ |v| v.reverse }
post :update
App.controller :accounts, :params => [:name, :position] do
  post :create
  post :update, :with => [ :id ], :params => [:name, :position, :addition]
  get :show, :with => :id, :params => false
  get :search, :params => true
end


# File 'lib/padrino-core/application/params_protection.rb', line 39

# Declares which request parameters are allowed through.
#
# The allow-list is normalised once by prepare_allowed_params when this
# method is called; the block handed to `condition` does the per-request work.
# NOTE(review): `condition` is not defined on this page -- presumably the
# Sinatra route-condition DSL, with the block evaluated in request scope.
# Confirm against the including class.
#
# @param allowed_params [Array] permitted keys, each optionally mapped to a
#   class, a proc or a nested list, e.g. `[:name, :id => Integer]`
def params(*allowed_params)
  permitted = prepare_allowed_params(allowed_params)
  condition do
    # Snapshot before filtering: @original_params holds a deep copy of the
    # params exactly as they arrived. Anything that reads it later sees values
    # the allow-list never touched, so it must not feed mass-assignment.
    @original_params = Utils.deep_dup(params)
    # Must remain the last expression: its result is the block's value.
    # The bang suggests `params` is pruned in place -- presumably; verify.
    filter_params!(params, permitted)
  end
end