@TheEmpty /ControllerFormAttributes.rb
Trying some different ways to secure a Rails application with user input
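# Per-form-type attribute allowlists for controllers.
#
# A controller registers which attributes a form may submit, then reads the
# request parameters through form_params_for so that only those attributes
# reach the model.
module ControllerFormAttributes
  # Allowlist registry: form type (Symbol) => permitted attribute names.
  # This is a class variable on the module, so the registry is shared by every
  # class that extends or includes the module; registering the same type again
  # replaces the earlier allowlist for all of them.
  @@types = {}

  # Registers the attributes a non-admin user may submit for +type+.
  #
  #   form_params_accessors(:user, [:email, :password, :password_confirmation])
  #
  # @param type [Symbol, String] form/param key; stored as a Symbol so that it
  #   matches the lookup done in form_params_for
  # @param attributes [Array<Symbol>] permitted attribute names
  # @return [Array<Symbol>] the attributes that were registered
  def form_params_accessors(type, attributes)
    @@types[type.to_sym] = attributes
  end

  # Returns the submitted parameters for +type+, limited to the registered
  # allowlist unless the current user is an admin.
  #
  #   user.update_attributes(form_params_for(:user))
  #
  # @param type [Symbol, String] form/param key
  # @return [Hash, Object] filtered hash for non-admins (empty when nothing
  #   usable was submitted or no allowlist is registered); the raw
  #   params[type] value for admins
  def form_params_for(type)
    type = type.to_sym # normalise so String and Symbol keys hit the same entry
    submitted = params[type]

    # SECURITY: admins receive the submitted value unfiltered, so every
    # attribute present in the request is handed to the caller. The allowlist
    # gives no protection on this path; it relies entirely on role_is? and on
    # the model's own attribute protection.
    return submitted if current_user.try(:role_is?, 'admin')

    # Request input is untrusted: the key may be absent or carry a scalar or
    # array instead of a hash. Fail closed with no attributes rather than
    # raising from #slice.
    return {} unless submitted.respond_to?(:keys)

    # An unregistered type splats nil into no arguments, which yields an
    # empty result, so a missing allowlist also fails closed.
    submitted.slice(*@@types[type])
  end
end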
# Wire the helpers into every controller:
#   extend  -> class-level macro (form_params_accessors in a controller body)
#   include -> instance-level reader (form_params_for inside an action)
# Both calls expose both methods at both levels, because the module does not
# separate its class-side and instance-side API.
ActionController::Base.class_eval do
  extend ControllerFormAttributes
  include ControllerFormAttributes
end
# class UsersController < ApplicationController
# form_params_accessors(:user, [:email, :password, :password_confirmation])
#
# def create
# @user = User.new(form_params_for(:user))
# ...
# end
# end