module Sequel::Plugins::WhitelistSecurity::ClassMethods
Attributes
allowed_columns[R]
Which columns should be the only columns allowed in a call to a mass assignment method (e.g. set) (default: not set, so all columns not otherwise restricted are allowed).
Public Instance Methods
freeze()
click to toggle source
Freeze allowed columns when freezing model class.
Calls superclass method
# File lib/sequel/plugins/whitelist_security.rb 27 def freeze 28 @allowed_columns.freeze 29 super 30 end
set_allowed_columns(*cols)
click to toggle source
Set the columns to allow when using mass assignment (e.g. set
). Using this means that any columns not listed here will not be modified. If you have any virtual setter methods (methods that end in =) that you want to be used during mass assignment, they need to be listed here as well (without the =).
It may be better to use set_fields
which lets you specify the allowed fields per call.
Artist.set_allowed_columns(:name, :hometown) Artist.set(name: 'Bob', hometown: 'Sactown') # No Error Artist.set(name: 'Bob', records_sold: 30000) # Error
# File lib/sequel/plugins/whitelist_security.rb 43 def set_allowed_columns(*cols) 44 clear_setter_methods_cache 45 @allowed_columns = cols 46 end
Private Instance Methods
get_setter_methods()
click to toggle source
If allowed_columns
is set, only allow those columns.
Calls superclass method
# File lib/sequel/plugins/whitelist_security.rb 51 def get_setter_methods 52 if allowed_columns 53 allowed_columns.map{|x| "#{x}="} 54 else 55 super 56 end 57 end