
Changeset 8107

Timestamp:
11/06/07 23:50:23 (10 months ago)
Author:
marcel
Message:

Enhance explanation with more examples for attr_accessible macro. Closes #8095 [fearoffish, Marcel Molina]

Files:

  • trunk/activerecord/CHANGELOG

    r8102 r8107  
    11*SVN* 
     2 
     3* Enhance explanation with more examples for attr_accessible macro. Closes #8095 [fearoffish, Marcel Molina] 
    24 
    35* Update association/method mapping table to refected latest collection methods for has_many :through. Closes #8772 [lifofifo] 
  • trunk/activerecord/lib/active_record/base.rb

    r8054 r8107  
    646646      end 
    647647 
    648       # If this macro is used, only those attributes named in it will be accessible for mass-assignment, such as 
    649       # <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>. This is the more conservative choice for mass-assignment 
    650       # protection. 
    651       # 
    652       # Example: 
     648      # Similar to the attr_protected macro, this protects attributes of your model from mass-assignment,  
     649      # such as <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt> 
     650      # however, it does it in the opposite way.  This locks all attributes and only allows access to the  
     651      # attributes specified.  Assignment to attributes not in this list will be ignored and need to be set  
     652      # using the direct writer methods instead.  This is meant to protect sensitive attributes from being  
     653      # overwritten by URL/form hackers. If you'd rather start from an all-open default and restrict  
     654      # attributes as needed, have a look at attr_protected. 
     655      #  
     656      # ==== Options 
     657      # 
     658      # <tt>*attributes</tt>   A comma separated list of symbols that represent columns _not_ to be protected 
     659      # 
     660      # ==== Examples 
    653661      # 
    654662      #   class Customer < ActiveRecord::Base 
    655       #     attr_accessible :phone, :email 
     663      #     attr_accessible :name, :nickname 
    656664      #   end 
    657665      # 
    658       # Passing an empty argument list protects all attributes: 
    659       # 
    660       #   class Product < ActiveRecord::Base 
    661       #     attr_accessible # none 
    662       #   end 
    663       # 
    664       # If you'd rather start from an all-open default and restrict attributes as needed, have a look at 
    665       # attr_protected. 
     666      #   customer = Customer.new(:name => "David", :nickname => "Dave", :credit_rating => "Excellent") 
     667      #   customer.credit_rating # => nil 
     668      #   customer.attributes = { :name => "Jolly fellow", :credit_rating => "Superb" } 
     669      #   customer.credit_rating # => nil 
     670      # 
     671      #   customer.credit_rating = "Average" 
     672      #   customer.credit_rating # => "Average" 
    666673      def attr_accessible(*attributes) 
    667674        write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))
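
Review bot: the rewritten comment drops the old paragraph at lines 658-662, "Passing an empty argument list protects all attributes", together with its Product example, and nothing in the new text replaces it. If a bare attr_accessible still locks every attribute, keep that paragraph under ==== Examples, since it is the strictest use of the macro and the one a reader looking for mass-assignment protection is most likely to need. Separately, new lines 649-650 run two sentences together ("<tt>attributes=(attributes)</tt> however, it does it in the opposite way"); end the first sentence after the <tt> pair. New line 651 says assignments to unlisted attributes "will be ignored", and the example shows credit_rating staying nil with no error raised, so the prose should say outright that the drop is silent.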