module Sequel::Plugins::WhitelistSecurity::ClassMethods

Attributes

allowed_columns[R]

Which columns should be the only columns allowed in a call to a mass assignment method (e.g. set) (default: not set, so all columns not otherwise restricted are allowed).

Public Instance Methods

freeze() click to toggle source

Freeze allowed columns when freezing model class.

# File lib/sequel/plugins/whitelist_security.rb, line 27
def freeze
  @allowed_columns.freeze
  super
end
set_allowed_columns(*cols) click to toggle source

Set the columns to allow when using mass assignment (e.g. set). Using this means that any columns not listed here will not be modified. If you have any virtual setter methods (methods that end in =) that you want to be used during mass assignment, they need to be listed here as well (without the =).

It may be better to use a method such as set_only or set_fields that lets you specify the allowed fields per call.

Artist.set_allowed_columns(:name, :hometown)
Artist.set(:name=>'Bob', :hometown=>'Sactown') # No Error
Artist.set(:name=>'Bob', :records_sold=>30000) # Error
# File lib/sequel/plugins/whitelist_security.rb, line 43
def set_allowed_columns(*cols)
  clear_setter_methods_cache
  @allowed_columns = cols
end