From 2d550e6695da2abd6e840f4723749bdd7ec32137 Mon Sep 17 00:00:00 2001 From: Miles Georgi Date: Tue, 31 Mar 2009 18:40:36 -0700 Subject: [PATCH] Added a config.active_record.raise_on_illegal_mass_assignment option to not only log attributes removed by attr_accessible/attr_protected, but to also raise ActiveRecord::IllegalMassAssignmentError when this occurs. --- activerecord/lib/active_record/base.rb | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 9943a70..0c7df74 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -138,6 +138,9 @@ module ActiveRecord #:nodoc: end end + class IllegalMassAssignmentError < ActiveRecordError #:nodoc: + end + # Raised when there are multiple errors while doing a mass assignment through the +attributes+ # method. The exception has an +errors+ property that contains an array of AttributeAssignmentError # objects, each corresponding to the error while assigning to an attribute. @@ -511,6 +514,12 @@ module ActiveRecord #:nodoc: cattr_accessor :timestamped_migrations , :instance_writer => false @@timestamped_migrations = true + # Instead of just dropping attributes that are protected via attr_protected and + # attr_accessible from mass assignment, raise an IllegalMassAssignmentError + # false by default. + @@raise_on_illegal_mass_assignment = false + cattr_accessor :raise_on_illegal_mass_assignment + # Determine whether to store the full constant name including namespace when using STI superclass_delegating_accessor :store_full_sti_class self.store_full_sti_class = false @@ -2947,6 +2956,9 @@ module ActiveRecord #:nodoc: if removed_attributes.any? log_protected_attribute_removal(removed_attributes) + if raise_on_illegal_mass_assignment + raise IllegalMassAssignmentError.new("Illegal mass assignment of #{removed_attributes.join(", ")}") + end end safe_attributes -- 1.6.0.6