module ActiveModel::MassAssignmentSecurity

Public Instance Methods

sanitize(klass, attributes, authorizer) click to toggle source

Returns all attributes not denied by the authorizer.

@param [Class] klass

Model class

@param [Hash{Symbol,String,::DataMapper::Property,::DataMapper::Relationship=>Object}] attributes

Names and values of attributes to sanitize.

@param [#deny?] authorizer

Usually a ActiveModel::MassAssignmentSecurity::PermissionSet responding to deny?

@return [Hash]

Sanitized hash of attributes.
# File lib/dm-rails/mass_assignment_security.rb, line 43
def sanitize(klass, attributes, authorizer)
  rejected = []
  sanitized_attributes = attributes.reject do |key, value|
    key_name = key.name rescue key
    rejected << key_name if authorizer.deny?(key_name)
  end
  process_removed_attributes(klass, rejected) unless rejected.empty?
  sanitized_attributes
end