Method: Sequel::Plugins::BlacklistSecurity::ClassMethods#set_restricted_columns

Defined in:
lib/sequel/plugins/blacklist_security.rb

#set_restricted_columns(*cols) ⇒ Object

Set the columns to restrict when using mass assignment (e.g. set). Using this means that attempts to call setter methods for the columns listed here will cause an exception or be silently skipped (based on the strict_param_setting setting). If you have any virtual setter methods (methods that end in =) that you want not to be used during mass assignment, they need to be listed here as well (without the =).

It’s generally a bad idea to rely on a blacklist approach for security. Using a whitelist approach such as the whitelist_security plugin or the set_fields methods is usually a better choice. So use of this method is generally a bad idea.

Artist.set_restricted_columns(:records_sold)
Artist.new.set(name: 'Bob', hometown: 'Sactown') # No Error
Artist.new.set(name: 'Bob', records_sold: 30000) # Error
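
An added illustration (not code from Sequel or from this page) of why the text above prefers an allowlist: a restricted-column list fails open when a new column appears, while a set_fields-style call does not. ToyArtist, PARAMS, the helper functions and the is_admin column are hypothetical names in a pure-Ruby toy model.

```ruby
# Toy model of denylist vs allowlist mass assignment. Not Sequel's implementation.
class ToyArtist
  class RestrictedError < StandardError; end
  class << self
    attr_accessor :columns, :restricted_columns, :strict_param_setting
  end
  self.columns = [:name, :hometown, :records_sold]
  self.restricted_columns = [:records_sold] # the denylist
  self.strict_param_setting = true
  attr_reader :values

  def initialize
    @values = {}
  end

  # Denylist style: any known column is settable unless listed as restricted.
  def set(params)
    params.each do |col, val|
      if self.class.columns.include?(col) && !self.class.restricted_columns.include?(col)
        @values[col] = val
      elsif self.class.strict_param_setting
        raise RestrictedError, "#{col} is restricted"
      end # non-strict mode: the value is silently skipped
    end
    self
  end

  # Allowlist style: only the fields named by the caller are ever copied.
  def set_fields(params, fields)
    fields.each { |f| @values[f] = params[f] if params.key?(f) }
    self
  end
end

# Constructed request parameters, including a field the form never offered.
PARAMS = { name: 'Bob', records_sold: 30000, is_admin: true }.freeze

def denylist_result(strict)
  ToyArtist.strict_param_setting = strict
  ToyArtist.new.set(PARAMS).values
rescue ToyArtist::RestrictedError => e
  e.message
end

def allowlist_result
  ToyArtist.new.set_fields(PARAMS, [:name, :hometown]).values
end

# Models a later migration adding a column while the denylist stays unchanged.
def add_column(col)
  ToyArtist.columns += [col]
end
```

Calling add_column(:is_admin) and then denylist_result(false) shows is_admin being assigned, while allowlist_result still returns only the name.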


# File 'lib/sequel/plugins/blacklist_security.rb', line 50

def set_restricted_columns(*cols)
  clear_setter_methods_cache
  @restricted_columns = cols
end