module ActiveModel::MassAssignmentSecurity::ClassMethods

def attr_accessible(*names)

Specifies a white list of model attributes that can be set via
mass-assignment.

This is the opposite of the +attr_protected+ macro: mass-assignment
will only set attributes in this list; to assign to the remaining
attributes, use their direct writer methods. This is meant to protect
sensitive attributes from being overwritten by malicious users
tampering with URLs or forms. If you'd rather start from an all-open
default and restrict attributes as needed, have a look at
+attr_protected+.

  class Customer
    include ActiveModel::MassAssignmentSecurity

    attr_accessor :name, :credit_rating
    attr_accessible :name

    def attributes=(values)
      sanitize_for_mass_assignment(values).each do |k, v|
        send("#{k}=", v)
      end
    end
  end

  customer = Customer.new
  customer.attributes = { :name => "David", :credit_rating => "Excellent" }
  customer.name # => "David"
  customer.credit_rating # => nil

  customer.credit_rating = "Average"
  customer.credit_rating # => "Average"

Note that using Hash#except or Hash#slice in place of +attr_accessible+
to sanitize attributes won't provide sufficient protection.
def attr_accessible(*names)
  # Accumulate the given names into the white list (calls are additive)
  # and make that white list the authorizer used by sanitize_for_mass_assignment.
  self._accessible_attributes = self.accessible_attributes + names
  self._active_authorizer = self._accessible_attributes
end
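The closing note above says that Hash#except or Hash#slice is not a substitute for +attr_accessible+. One concrete reason is that those methods match keys literally, while request parameters usually arrive with string keys (and Rails may also send multiparameter keys such as "credit_rating(1i)"), so a blacklist written as `except(:credit_rating)` silently lets `"credit_rating"` through. The example below is added here and is not ActiveModel's code: WhitelistSanitizer, naive_assign and safe_assign are hypothetical names, the sanitizer is a minimal stand-in for what +attr_accessible+ and sanitize_for_mass_assignment provide, and Hash#except is assumed to be available (Ruby 3.0 or newer).

```ruby
# Added example, not ActiveModel's code: a whitelist sanitizer modelled on what
# attr_accessible documents, next to the Hash#except shortcut the note warns about.
# WhitelistSanitizer, naive_assign and safe_assign are hypothetical names.

# Keys are compared as strings with any multiparameter suffix such as "(1i)"
# removed, so :credit_rating, "credit_rating" and "credit_rating(1i)" all name
# the same attribute and are all rejected unless that attribute is allowed.
class WhitelistSanitizer
  def initialize(*allowed)
    @allowed = allowed.map(&:to_s)
  end

  def sanitize(attributes)
    attributes.reject { |key, _| deny?(key) }
  end

  private

  def deny?(key)
    !@allowed.include?(key.to_s.sub(/\(.*\z/, ""))
  end
end

class Customer
  attr_accessor :name, :credit_rating

  # Whitelist equivalent of `attr_accessible :name`.
  SANITIZER = WhitelistSanitizer.new(:name)

  def attributes=(values)
    SANITIZER.sanitize(values).each { |k, v| send("#{k}=", v) }
  end
end

# The shortcut the note warns about: drop the sensitive key with Hash#except
# and assign everything else. It is a blacklist, and it only matches the key
# type it was written for (a Symbol here).
def naive_assign(params)
  customer = Customer.new
  params.except(:credit_rating).each { |k, v| customer.send("#{k}=", v) }
  customer
end

# The whitelist route: only attributes on the allow list are ever assigned.
def safe_assign(params)
  customer = Customer.new
  customer.attributes = params
  customer
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: request parameters as a web framework typically hands
  # them over, with string keys rather than symbols.
  form_params = { "name" => "David", "credit_rating" => "Excellent" }

  naive = naive_assign(form_params)
  puts "Hash#except: credit_rating=#{naive.credit_rating.inspect}" # => "Excellent" slipped through

  safe = safe_assign(form_params)
  puts "whitelist:   credit_rating=#{safe.credit_rating.inspect}"  # => nil, only name was set
end
```

The blacklist only "works" when the caller happens to pass the key type the author had in mind; the whitelist fails closed regardless of how the attacker spells the key, which is the property +attr_accessible+ is there to give you.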