Module: ActiveRecord::MassAssignmentSecurity::AttributeAssignment
- Extended by:
- ActiveSupport::Concern
- Includes:
- ActiveModel::MassAssignmentSecurity
- Included in:
- Base
- Defined in:
- lib/active_record/mass_assignment_security/attribute_assignment.rb
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary collapse
-
#assign_attributes(new_attributes, options = {}) ⇒ Object
Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.
Instance Method Details
#assign_attributes(new_attributes, options = {}) ⇒ Object
Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.
To bypass mass-assignment security you can use the :without_protection => true option.
class User < ActiveRecord::Base
attr_accessible :name
attr_accessible :name, :is_admin, :as => :admin
end
user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true })
user.name # => "Josh"
user.is_admin? # => false
user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
user.name # => "Josh"
user.is_admin? # => true
user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
user.name # => "Josh"
user.is_admin? # => true
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'lib/active_record/mass_assignment_security/attribute_assignment.rb', line 48 def assign_attributes(new_attributes, = {}) return if new_attributes.blank? attributes = new_attributes.stringify_keys multi_parameter_attributes = [] nested_parameter_attributes = [] = @mass_assignment_options @mass_assignment_options = unless [:without_protection] attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role) end attributes.each do |k, v| if k.include?("(") multi_parameter_attributes << [ k, v ] elsif v.is_a?(Hash) nested_parameter_attributes << [ k, v ] else _assign_attribute(k, v) end end assign_nested_parameter_attributes(nested_parameter_attributes) unless nested_parameter_attributes.empty? assign_multiparameter_attributes(multi_parameter_attributes) unless multi_parameter_attributes.empty? ensure @mass_assignment_options = end |