attr_protected and attr_accessible? #21
Comments
We built that into SimplyStored (https://github.com/peritor/simply_stored), a layer on top of CouchPotato. Even though I'm not a fan of mass assignment on the model level, maybe we could move that code into CouchPotato? Just an offer, personally I prefer it on a layer above, mass assignment protection more often than not is a hassle for me.
I was using SimplyStored but found it difficult to use (more specifically custom views) so went with just straight CouchPotato instead and I'm having more joy. In terms of mass assignment - for me it is things like having an 'admin' property (among other things) that I'd rather isn't possible to be set through mass assignment.
try param_protected if you're using rails which works on the controller level. this is a security problem of the http layer so IMHO it should be handled there. if you insist on doing it in the model you could write a plugin in 10 lines of code to do it. I won't pull this into couch potato though.
Hi,
Is there any way to use attr_protected and attr_accessible (or similar) to prevent mass assignment when updating documents?
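
The two approaches debated in this thread, a model-level allowlist and controller-level parameter filtering, shown side by side as an added example. This is not code from CouchPotato, SimplyStored or param_protected: it is plain Ruby, and `MassAssignmentGuard`, `assignable`, `assign_untrusted`, `permit_params`, the `User` class and the sample parameters are all hypothetical names constructed for illustration.

```ruby
# Model-level allowlist, in the spirit of attr_accessible (hypothetical module).
module MassAssignmentGuard
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declare which attributes may be set from untrusted input.
    def assignable(*names)
      assignable_attributes.concat(names.map(&:to_s))
    end

    def assignable_attributes
      @assignable_attributes ||= []
    end
  end

  # Apply only allowlisted keys; return the names that were rejected so
  # the caller can log them.
  def assign_untrusted(params)
    rejected = []
    params.each do |key, value|
      name = key.to_s
      if self.class.assignable_attributes.include?(name)
        public_send("#{name}=", value)
      else
        rejected << name
      end
    end
    rejected
  end
end

# Controller-level equivalent: strip everything not expected before the
# model ever sees the request parameters.
def permit_params(params, *allowed)
  allowed = allowed.map(&:to_s)
  params.select { |key, _| allowed.include?(key.to_s) }
end

class User
  include MassAssignmentGuard
  attr_accessor :name, :email, :admin
  assignable :name, :email
end

# Constructed request parameters containing an attribute the form never offered.
SAMPLE_PARAMS = { 'name' => 'alice', 'email' => 'a@example.org', 'admin' => true }.freeze
```

Trusted code can still call `user.admin = true` directly; only the bulk path from request parameters is restricted.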