2012-07-13 04:51:13 -04:00
|
|
|
module ActiveModel
|
2012-09-20 12:47:32 -04:00
|
|
|
# Raised when forbidden attributes are used for mass assignment.
|
|
|
|
|
#
|
|
|
|
|
# class Person < ActiveRecord::Base
|
|
|
|
|
# end
|
|
|
|
|
#
|
|
|
|
|
# params = ActionController::Parameters.new(name: 'Bob')
|
|
|
|
|
# Person.new(params)
|
|
|
|
|
# # => ActiveModel::ForbiddenAttributesError
|
|
|
|
|
#
|
|
|
|
|
# params.permit!
|
|
|
|
|
# Person.new(params)
|
|
|
|
|
# # => #<Person id: nil, name: "Bob">
|
2012-08-13 01:41:04 -04:00
|
|
|
class ForbiddenAttributesError < StandardError
|
2012-07-13 04:51:13 -04:00
|
|
|
end
|
|
|
|
|
|
2012-09-20 13:14:29 -04:00
|
|
|
module ForbiddenAttributesProtection # :nodoc:
|
|
|
|
|
protected
|
2012-11-08 20:31:23 -05:00
|
|
|
def sanitize_for_mass_assignment(attributes)
|
2012-09-20 13:14:29 -04:00
|
|
|
if attributes.respond_to?(:permitted?) && !attributes.permitted?
|
|
|
|
|
raise ActiveModel::ForbiddenAttributesError
|
|
|
|
|
else
|
|
|
|
|
attributes
|
|
|
|
|
end
|
2012-07-13 04:51:13 -04:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
