This project is archived and is in readonly mode.

#1084 ✓committed
Adam Milligan

ActiveRecord attributes should respect access control

Reported by Adam Milligan | September 21st, 2008 @ 09:27 AM

From a discussion on this thread: http://groups.google.com/group/r...

This patch makes possible setting ActiveRecord attributes as private. #respond_to? will now return false for an attribute method defined as private in the class definition. Also, attempting to directly call the attribute method will result in a NoMethodError. Calling the method via #send circumvents the access control, as expected.

Tests included.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Attachments

Referenced by

Pages