Created
March 13, 2012 09:53
-
-
Save MGPalmer/2027920 to your computer and use it in GitHub Desktop.
Enforce whitelist mode for mass assignment for Rails < 3.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enforce whitelist mode for mass assignment. | |
| # This will create an empty whitelist of attributes available for mass-assignment for all models | |
| # in your app. As such, your models will need to explicitly whitelist or blacklist accessible | |
| # parameters by using an attr_accessible or attr_protected declaration. | |
| # (this is a config option in Rails 3.2) | |
| ActiveRecord::Base.send(:attr_accessible, nil) | |
| if %W(development test).include?(Rails.env) | |
| # Raise exception on mass assignment protection for ActiveRecord models | |
| # (this is a config option in Rails 3.2) | |
| module ActiveModel | |
| module MassAssignmentSecurity | |
| module Sanitizer | |
| def warn!(attrs) | |
| raise "Can't mass-assign protected attributes: #{attrs.join(', ')}" | |
| end | |
| end | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment