module Sequel::Plugins::WhitelistSecurity::ClassMethods

Attributes

allowed_columns[R]

Which columns should be the only columns allowed in a call to a mass assignment method (e.g. set) (default: not set, so all columns not otherwise restricted are allowed).

Public Instance Methods

freeze()

Freeze allowed columns when freezing model class.

Calls superclass method
   # File lib/sequel/plugins/whitelist_security.rb
   def freeze
     @allowed_columns.freeze
     super
   end

set_allowed_columns(*cols)

Set the columns to allow when using mass assignment (e.g. set). Using this means that any columns not listed here will not be modified. If you have any virtual setter methods (methods that end in =) that you want to be used during mass assignment, they need to be listed here as well (without the =).

It may be better to use set_fields which lets you specify the allowed fields per call.

Artist.set_allowed_columns(:name, :hometown)
# set is an instance method, so call it on a model instance
Artist.new.set(name: 'Bob', hometown: 'Sactown') # No Error
Artist.new.set(name: 'Bob', records_sold: 30000) # Error
   # File lib/sequel/plugins/whitelist_security.rb
   def set_allowed_columns(*cols)
     clear_setter_methods_cache
     @allowed_columns = cols
   end

Private Instance Methods

get_setter_methods()

If allowed_columns is set, only allow those columns.

Calls superclass method
   # File lib/sequel/plugins/whitelist_security.rb
   def get_setter_methods
     if allowed_columns
       allowed_columns.map{|x| "#{x}="}
     else
       super
     end
   end
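
The whitelist mechanism documented above, as an added plain-Ruby sketch that is not Sequel's code and does not require Sequel. MiniModel, MassAssignmentError, Account, try_set and the admin field are hypothetical names; only the mapping from allowed_columns to setter names follows get_setter_methods as shown on this page, and the no-whitelist default is simplified.

```ruby
# Added illustration, not Sequel source: a minimal model with the same
# "allowed columns become the only permitted setters" rule.
class MassAssignmentError < StandardError; end

class MiniModel
  class << self
    attr_reader :allowed_columns

    def set_allowed_columns(*cols)
      @allowed_columns = cols
    end

    # Whitelist set: only the listed names, as setter names.
    # No whitelist: every setter defined on the class (simplified default).
    def setter_methods
      if allowed_columns
        allowed_columns.map { |c| "#{c}=" }
      else
        public_instance_methods(false).map(&:to_s).select { |m| m.end_with?('=') }
      end
    end
  end

  # Mass assignment: reject the whole hash if any key has no permitted setter.
  def set(hash)
    rejected = hash.keys.reject { |k| self.class.setter_methods.include?("#{k}=") }
    raise MassAssignmentError, "restricted: #{rejected.join(', ')}" unless rejected.empty?
    hash.each { |k, v| public_send("#{k}=", v) }
    self
  end
end

class Account < MiniModel
  attr_accessor :name, :email, :admin
  attr_reader :password_digest

  # Virtual setter (no "password" column): usable in set only because it is listed below.
  def password=(plain)
    @password_digest = "digest:#{plain.length}" # placeholder, not a real hash
  end

  set_allowed_columns :name, :email, :password
end

# Constructed request parameters; returns :ok or the rejection message.
def try_set(params)
  Account.new.set(params)
  :ok
rescue MassAssignmentError => e
  e.message
end
```

The admin setter exists on Account, yet set refuses it because it is absent from the whitelist, which is the property the plugin provides for columns a form should never be able to write.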