Which columns should be the only columns allowed in a call to a mass assignment method (e.g. set) (default: not set, so all columns not otherwise restricted are allowed).
Freeze allowed columns when freezing model class.
    # File lib/sequel/plugins/whitelist_security.rb, line 27
    def freeze
      @allowed_columns.freeze
      super
    end
Set the columns to allow when using mass assignment (e.g. set). Using this means that any columns not listed here will not be modified. If you have any virtual setter methods (methods that end in =) that you want to be used during mass assignment, they need to be listed here as well (without the =).

It may be better to use set_fields, which lets you specify the allowed fields per call.
    Artist.set_allowed_columns(:name, :hometown)
    # set is an instance method, so call it on a model instance
    Artist.new.set(name: 'Bob', hometown: 'Sactown') # No Error
    Artist.new.set(name: 'Bob', records_sold: 30000) # Error
    # File lib/sequel/plugins/whitelist_security.rb, line 43
    def set_allowed_columns(*cols)
      clear_setter_methods_cache
      @allowed_columns = cols
    end
If #allowed_columns is set, only allow those columns.
    # File lib/sequel/plugins/whitelist_security.rb, line 51
    def get_setter_methods
      if allowed_columns
        allowed_columns.map{|x| "#{x}="}
      else
        super
      end
    end
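
The allowlist check described above, as an added example that is not Sequel's own code: a plain-Ruby stand-in (no Sequel gem or database) that turns allowed columns into setter names the way get_setter_methods does and rejects a constructed parameter hash containing a column outside the list. ToyModel, the local MassAssignmentRestriction class, tag_list and try_set are hypothetical names, and rejecting the whole hash is this example's assumption.

```ruby
# Plain-Ruby stand-in for the allowlist check; every name here is hypothetical.
class MassAssignmentRestriction < StandardError; end

class ToyModel
  class << self
    attr_reader :allowed_columns

    def set_allowed_columns(*cols)
      @allowed_columns = cols
    end

    # Allowlist entries become setter names; with no allowlist, every
    # public setter defined on the model class is eligible.
    def setter_methods
      if allowed_columns
        allowed_columns.map { |c| "#{c}=" }
      else
        public_instance_methods(false).map(&:to_s).grep(/\A\w+=\z/)
      end
    end
  end

  # Reject the whole hash if any key lacks an allowed setter, so a
  # partially applied update cannot happen.
  def set(hash)
    setters = self.class.setter_methods
    rejected = hash.keys.reject { |k| setters.include?("#{k}=") }
    raise MassAssignmentRestriction, "restricted: #{rejected.join(', ')}" unless rejected.empty?
    hash.each { |k, v| public_send("#{k}=", v) }
    self
  end
end

class Artist < ToyModel
  attr_accessor :name, :hometown, :records_sold
  attr_reader :tags

  # Virtual setter: no backing column, so it must be allowlisted by name.
  def tag_list=(csv)
    @tags = csv.split(',').map(&:strip)
  end
end

# Returns the updated model, or the error message when the hash is rejected.
def try_set(params)
  Artist.new.set(params)
rescue MassAssignmentRestriction => e
  e.message
end

Artist.set_allowed_columns(:name, :hometown, :tag_list)
```

Note that in this stand-in, calling `set_allowed_columns` with no arguments stores an empty array, which is truthy in Ruby, so every setter is then rejected rather than the restriction being lifted.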