• This repository has been archived on 12/Dec/2021
  • Stars: 149
  • Rank 248,568 (Top 5 %)
  • Language: Ruby
  • License: MIT License
  • Created over 15 years ago
  • Updated over 13 years ago


Repository Details

Rails plugin for overriding attr_accessible protection.

Trusted Params

Rails plugin which adds a convenient way to override attr_accessible protection.

If you are unfamiliar with the dangers of mass assignment please check these links

Install

You can install this as a plugin into your Rails app.

script/plugin install git://github.com/ryanb/trusted-params.git

Features

This plugin does several things.

  • Adds “trust” method on hash to bypass attribute protection

  • Disables attr_protected because you should use attr_accessible.

  • Requires attr_accessible be specified in every model

  • Adds :all as option to attr_accessible to allow all attributes to be mass-assignable

  • Raises an exception when assigning a protected attribute (instead of just a log message)

Usage

When using this plugin, you must define attr_accessible in every model to allow mass assignment. You can use :all to mark all attributes as accessible.

class Comment < ActiveRecord::Base
  attr_accessible :all
end

However, only do this if you want all attributes accessible to the public. Many times you will want to limit what the general public can set.

class Comment < ActiveRecord::Base
  attr_accessible :author_name, :email, :content
end

Administrators should be able to bypass the protected attributes and set anything. This can be done with the “trust” method.

def create
  params[:comment].trust if admin?
  @comment = Comment.new(params[:comment])
  # ...
end

You can mark certain attributes as trusted for different roles.

params[:comment].trust(:spam, :important) if moderator?

Then only those attributes will be allowed to bypass mass assignment.
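
The rules from Features and Usage, modelled without Rails so the allow-list, the role-scoped trust and the raised exception can be exercised together. This is an added example, not the plugin's code: TrustableParams, MiniModel, ProtectedAttributeError and build_comment are hypothetical names, and the role symbols stand in for the admin? and moderator? checks above.

```ruby
# Added sketch, no Rails needed. TrustableParams, MiniModel and
# ProtectedAttributeError are hypothetical names, not the plugin's classes.
class ProtectedAttributeError < StandardError; end
class TrustableParams < Hash
  # trust -> all keys bypass protection; trust(:a, :b) -> only those keys do
  def trust(*attrs)
    @trusted = attrs.empty? ? :all : attrs.map(&:to_sym)
    self
  end

  def trusted?(key)
    @trusted == :all || Array(@trusted).include?(key.to_sym)
  end
end

class MiniModel
  attr_reader :attributes
  def self.attr_accessible(*names)
    @accessible = names
  end

  def self.accessible?(name)
    list = @accessible || [] # assumption: no declaration, nothing assignable
    list.include?(:all) || list.include?(name.to_sym)
  end

  def initialize(params)
    @attributes = {}
    params.each do |key, value|
      allowed = self.class.accessible?(key) ||
                (params.respond_to?(:trusted?) && params.trusted?(key))
      # Fail loudly rather than silently dropping the attribute.
      raise ProtectedAttributeError, "can't mass-assign #{key}" unless allowed
      @attributes[key.to_sym] = value
    end
  end
end

class Comment < MiniModel
  attr_accessible :author_name, :email, :content
end

# role and raw are constructed inputs standing in for the controller's checks.
def build_comment(role, raw)
  params = TrustableParams.new.merge!(raw)
  params.trust if role == :admin
  params.trust(:spam, :important) if role == :moderator
  Comment.new(params)
end
```

A moderator's trust covers only :spam and :important, so any other protected key in the same request still raises.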
