module Sequel::Plugins::WhitelistSecurity::ClassMethods
Attributes
allowed_columns: Which columns should be the only columns allowed in a call to a mass assignment method (e.g. set) (default: not set, so all columns not otherwise restricted are allowed).
Public Instance Methods
Source
    # File lib/sequel/plugins/whitelist_security.rb
    def freeze
      @allowed_columns.freeze
      super
    end
Freeze allowed columns when freezing model class.
Calls superclass method
Source
    # File lib/sequel/plugins/whitelist_security.rb
    def set_allowed_columns(*cols)
      clear_setter_methods_cache
      @allowed_columns = cols
    end
Set the columns to allow when using mass assignment (e.g. set). Using this means that any columns not listed here will not be modified. If you have any virtual setter methods (methods that end in =) that you want to be used during mass assignment, they need to be listed here as well (without the =).
It may be better to use set_fields, which lets you specify the allowed fields per call.
    Artist.set_allowed_columns(:name, :hometown)
    Artist.new.set(name: 'Bob', hometown: 'Sactown') # No Error
    Artist.new.set(name: 'Bob', records_sold: 30000) # Error
Private Instance Methods
Source
    # File lib/sequel/plugins/whitelist_security.rb
    def get_setter_methods
      if allowed_columns
        allowed_columns.map{|x| "#{x}="}
      else
        super
      end
    end
If allowed_columns is set, only allow those columns.
Calls superclass method
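The following is an added example, not code from Sequel or this plugin: a dependency-free model of the allowlist check described under set_allowed_columns and get_setter_methods, showing an injected field being accepted without an allowlist, refused with one, and a virtual setter that must be listed by name. MiniModel, RestrictedColumn, try_set, the tags= setter and the sample parameters are all hypothetical names constructed for the illustration.

```ruby
# Added illustration: MiniModel, RestrictedColumn and this Artist class are
# constructed for the example; they model the plugin's check, not Sequel itself.
class RestrictedColumn < StandardError; end

class MiniModel
  class << self
    attr_reader :allowed_columns

    def set_allowed_columns(*cols)
      @allowed_columns = cols
    end

    # Same decision as get_setter_methods: with an allowlist, only "<col>="
    # for listed names; without one, every setter the class defines.
    def setter_methods
      return allowed_columns.map { |c| "#{c}=" } if allowed_columns
      public_instance_methods(false).map(&:to_s).select { |m| m.end_with?("=") }
    end
  end

  # Mass assignment: refuse the whole hash if any key lacks a permitted setter.
  def set(hash)
    permitted = self.class.setter_methods
    denied = hash.keys.reject { |k| permitted.include?("#{k}=") }
    raise RestrictedColumn, "not allowed: #{denied.join(', ')}" unless denied.empty?
    hash.each { |k, v| public_send("#{k}=", v) }
    self
  end
end

class Artist < MiniModel
  attr_accessor :name, :hometown, :records_sold
  attr_reader :tag_list

  # Virtual setter: no "tags" column exists, so it is only mass-assignable
  # when :tags (without the "=") is in the allowlist.
  def tags=(csv)
    @tag_list = csv.split(",").map(&:strip)
  end
end

# Returns the populated object, or the exception when assignment is refused.
def try_set(params)
  Artist.new.set(params)
rescue RestrictedColumn => e
  e
end

# Constructed input: a form that offers name/hometown, plus an injected field.
TAMPERED = { name: "Bob", hometown: "Sactown", records_sold: 30_000 }.freeze
```

With no allowlist, try_set(TAMPERED) returns an Artist whose records_sold was set by the caller; after Artist.set_allowed_columns(:name, :hometown) the same call returns a RestrictedColumn error instead.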