
Trying some different ways to secure a Rails application with user input

ControllerFormAttributes.rb
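module ControllerFormAttributes
  # Registry of permitted attributes per form type. This is a class variable
  # on the module, so it is shared by every controller that uses the helpers.
  @@types = {}

  # Declare the attributes a non-admin user may submit for a form type:
  #   form_params_accessors(:user, [:email, :password, :password_confirmation])
  def form_params_accessors(type, attributes)
    # Store under a symbol so the lookup in form_params_for always matches.
    @@types[type.to_sym] = attributes
  end

  # Return the submitted params for a form type, limited to declared attributes:
  #   user.update_attributes(form_params_for(:user))
  def form_params_for(type)
    type = type.to_sym # type cast
    if current_user.try(:role_is?, 'admin')
      # Admins bypass the filter and may set any attribute.
      return params[type]
    else
      # Everyone else gets only the declared attributes; a type that was
      # never declared yields an empty hash.
      return params[type].slice(*@@types[type])
    end
  end
end

class ActionController::Base
  extend ControllerFormAttributes  # class-level form_params_accessors
  include ControllerFormAttributes # instance-level form_params_for
end

# class UsersController < ApplicationController
#   form_params_accessors(:user, [:email, :password, :password_confirmation])
#
#   def create
#     @user = User.new(form_params_for(:user))
#     ...
#   end
# end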
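
The filtering behaviour above, modelled in plain Ruby so it can be run without Rails. This is an added example, not part of the gist: `FormParamFilter`, `permit`, `filter` and the sample request are constructed for illustration, keys are plain strings because there is no `HashWithIndifferentAccess` here, and it goes slightly further than the gist by returning an empty hash when the form key is missing.

```ruby
# Plain-Ruby model of the gist's allowlist filter (hypothetical names).
class FormParamFilter
  def initialize
    @allowed = {} # type (Symbol) => permitted attribute names (Array<String>)
  end

  # Register the attributes a non-admin may submit for a form type.
  def permit(type, attributes)
    @allowed[type.to_sym] = attributes.map(&:to_s)
  end

  # Return only the permitted attributes of params[type].
  # Fails closed: an unregistered type or missing/non-hash input gives {}.
  def filter(params, type, admin: false)
    submitted = params[type.to_s]
    return {} unless submitted.is_a?(Hash)
    return submitted.dup if admin # mirrors the gist's admin bypass
    submitted.slice(*@allowed.fetch(type.to_sym, []))
  end
end

# Constructed request: a sign-up form with two attributes the form never had.
SAMPLE_PARAMS = {
  "user" => {
    "email" => "a@example.test",
    "password" => "s3cret",
    "password_confirmation" => "s3cret",
    "role" => "admin",  # extra attribute, not on the form
    "account_id" => "1" # extra attribute, not on the form
  }
}.freeze

FILTER = FormParamFilter.new
FILTER.permit(:user, [:email, :password, :password_confirmation])

# Run the filter over the cases that matter when reviewing it.
def demo
  {
    regular: FILTER.filter(SAMPLE_PARAMS, :user),
    admin: FILTER.filter(SAMPLE_PARAMS, :user, admin: true),
    unregistered: FILTER.filter({ "post" => { "title" => "x" } }, :post),
    missing: FILTER.filter({}, :user)
  }
end

demo.each { |name, result| puts "#{name}: #{result.keys.inspect}" }
```

The `admin` case shows that the bypass passes every submitted attribute through, so the role check is the only control on that path.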
