@TheEmpty
Created March 11, 2012 02:23
Trying some different ways to secure a Rails application with user input
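module ControllerFormAttributes
  # Registry of permitted attributes, keyed by param type.
  # As a class variable on the module it is shared by every controller,
  # so a later declaration for the same type replaces an earlier one.
  @@types = {}

  # Class-level declaration:
  #   form_params_accessors(:user, [:email, :password, :password_confirmation])
  def form_params_accessors(type, attributes)
    @@types[type.to_sym] = attributes
  end

  # Instance-level lookup:
  #   user.update_attributes(form_params_for(:user))
  def form_params_for(type)
    type = type.to_sym # type cast
    submitted = params[type] || {} # tolerate a request that omits the key
    if current_user.try(:role_is?, 'admin')
      # Admins receive the submitted hash unfiltered.
      submitted
    else
      # Everyone else gets only the declared attributes; an undeclared type yields {}.
      submitted.slice(*Array(@@types[type]))
    end
  end
end

class ActionController::Base
  extend ControllerFormAttributes  # form_params_accessors as a class method
  include ControllerFormAttributes # form_params_for as an instance method
end

# class UsersController < ApplicationController
#   form_params_accessors(:user, [:email, :password, :password_confirmation])
#
#   def create
#     @user = User.new(form_params_for(:user))
#     ...
#   end
# end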
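
The `@@types` registry above is keyed by param type alone and is shared by every controller, so two controllers that declare the same type overwrite each other's list. The following is an added example, not part of the gist, in plain Ruby without Rails, comparing that shared registry with a per-controller one; all module, class and attribute names are hypothetical and the submitted hash is constructed.

```ruby
# Added example: shared vs. per-class whitelist registry (no Rails required).

# Same registry shape as the gist: one hash keyed only by the param type.
module SharedWhitelist
  @@types = {}
  def permit_for(type, attributes)
    @@types[type] = attributes
  end

  def permitted(type)
    @@types[type]
  end
end

# Variant: each controller class keeps its own registry in a class-level ivar.
module PerClassWhitelist
  def permit_for(type, attributes)
    (@permitted ||= {})[type] = attributes
  end

  def permitted(type)
    (@permitted || {})[type]
  end
end

# Reduce a submitted hash to the permitted keys; an undeclared type yields {}.
def filter(controller, type, submitted)
  submitted.slice(*Array(controller.permitted(type)))
end

# Hypothetical controllers: a public signup form and an admin form.
class SignupShared; extend SharedWhitelist;   permit_for(:user, [:email, :password]); end
class AdminShared;  extend SharedWhitelist;   permit_for(:user, [:email, :role]);     end
class SignupScoped; extend PerClassWhitelist; permit_for(:user, [:email, :password]); end
class AdminScoped;  extend PerClassWhitelist; permit_for(:user, [:email, :role]);     end

# Constructed submission carrying an attribute the signup form never declares.
SUBMITTED = { email: "a@example.test", password: "pw", role: "admin" }

def demo
  {
    shared:  filter(SignupShared, :user, SUBMITTED), # last declaration wins
    scoped:  filter(SignupScoped, :user, SUBMITTED), # signup's own list applies
    unknown: filter(SignupScoped, :post, SUBMITTED)  # nothing declared => {}
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the shared registry the signup controller ends up filtering with the admin controller's list, because that declaration was evaluated last; the per-class variant keeps each list with the controller that declared it.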