Project

su_attr_accessibility

0.0
No commit activity in last 3 years
No release in over 3 years
su_attr_accessibilityeval/su_attr_accessibilityHomepageDocumentationSource CodeBug TrackerWiki
Make all attributes of an AR-model accessible to some roles
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
4,139
Stars
4
Forks
0
Watchers
3
 Releases
Current version
0.5.0
Total releases
1
First release
2012-03-05
Latest release
2012-03-05
 Development
Primary Language
Ruby
Average date of last 50 commits
2012-02-22
Reverse Dependencies
1

 Dependencies

Development

rspec
~> 2.7.0
ZenTest
~> 4.6.2

Runtime

activemodel
>= 3.0.0
activesupport
>= 3.0.0
 Project Readme

SuAttrAccessibility

Usage

Using attr_accessible you can explicitly define what attributes of a model can be mass assigned. As of Rails 3.1 you can even specify these attributes per role.

So given the following model:

# app/models/user.rb

# Table name: users
#
#  id                     :integer(4)      not null, primary key
#  name                   :string(255)
#  is_admin               :boolean(1)
class User < ActiveRecord::Base
  attr_accessible :name, :as => :user_input
end

...we stay safe when POSTed (possibly malicious) data is involved in mass assignment:

> params = {:name => 'Gert', :is_admin => true}
> user = User.new(params, :as => :user_input)
WARNING: Can't mass-assign protected attributes: is_admin
=> #<User id: nil, name: "Gert", is_admin: nil>

While this is all good and fine for handling params in controllers, a whole lot of other parts of your application (e.g. tests, the console, any non-controller code) probably don't want to deal with these restrictions.

Though you could use :without_protection => true to bypass these restrictions, this gem let's you define a role that essentialy does the same:

class User < ActiveRecord::Base
  attr_accessible :name, :as => :user_input
  su_attr_accessible_as :admin
end

> params = {:name => 'Gert', :is_admin => true}
> user = User.new(params, :without_protection => true)
=> #<User id: nil, name: "Gert", is_admin: true>
> user = User.new(params, :as => :admin)
=> #<User id: nil, name: "Gert", is_admin: true>

But wait, there's more!

Do we really care about any role when we're not dealing with submitted data? Probably not. This is when this gem is even better: we can pass the default-role to su_attr_accessible_as and forget about any role except for the parts where we really care:

class User < ActiveRecord::Base
  attr_accessible :name, :as => :user_input
  su_attr_accessible_as :default
end

# on the console and in our tests:
> params = {:name => 'Gert', :is_admin => true}
> user = User.new(params)
=> #<User id: nil, name: "Gert", is_admin: true>

# in our controllers we keep using the user_input-role:
> user = User.new(params, :as => :user_input)
WARNING: Can't mass-assign protected attributes: is_admin
=> #<User id: nil, name: "Gert", is_admin: nil>

Installation

Add this line to your application's Gemfile:

gem 'su_attr_accessibility'

And then execute:

$ bundle

Or install it yourself as:

$ gem install su_attr_accessibility

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Author

Gert Goet (eval) :: gert@thinkcreate.nl :: @gertgoet