Add docs explaining how to protect all attributes using attr_accessible with...

Add docs explaining how to protect all attributes using attr_accessible with no arguments. Closes #9631 [boone, rmm5t] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8032 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

Add docs explaining how to protect all attributes using attr_accessible with...
Add docs explaining how to protect all attributes using attr_accessible with no arguments. Closes #9631 [boone, rmm5t] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8032 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
d761ac40 · Marcel Molina · 27941f64 · d761ac40 · d761ac40
隐藏空白更改
内联并排

Showing with 19 addition and 1 deletion

activerecord/CHANGELOG activerecord/CHANGELOG +2 -0

activerecord/lib/active_record/base.rb activerecord/lib/active_record/base.rb +17 -1

未找到文件。
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
 *SVN*
+* Add docs explaining how to protect all attributes using attr_accessible with no arguments. Closes #9631 [boone, rmm5t]
 * Update add_index documentation to use new options api. Closes #9787 [kamal]
 * Allow find on a has_many association defined with :finder_sql to accept id arguments as strings like regular find does. Closes #9916 [krishna]

--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -623,6 +623,8 @@ def decrement_counter(counter_name, id)
      #
      #   customer.credit_rating = "Average"
      #   customer.credit_rating # => "Average"
+      #
+      # To start from an all-closed default and enable attributes as needed, have a look at attr_accessible.
      def attr_protected(*attributes)
        write_inheritable_array("attr_protected", attributes - (protected_attributes || []))
      end
@@ -634,7 +636,21 @@ def protected_attributes # :nodoc:
      # If this macro is used, only those attributes named in it will be accessible for mass-assignment, such as
      # <tt>new(attributes)</tt> and <tt>attributes=(attributes)</tt>. This is the more conservative choice for mass-assignment
-      # protection. If you'd rather start from an all-open default and restrict attributes as needed, have a look at
+      # protection.
+      #
+      # Example:
+      #
+      #   class Customer < ActiveRecord::Base
+      #     attr_accessible :phone, :email
+      #   end
+      #
+      # Passing an empty argument list protects all attributes:
+      #
+      #   class Product < ActiveRecord::Base
+      #     attr_accessible # none
+      #   end
+      #
+      # If you'd rather start from an all-open default and restrict attributes as needed, have a look at
      # attr_protected.
      def attr_accessible(*attributes)
        write_inheritable_array("attr_accessible", attributes - (accessible_attributes || []))