{"id":20081905,"url":"https://github.com/eval/su_attr_accessibility","last_synced_at":"2025-05-06T00:31:25.144Z","repository":{"id":2636429,"uuid":"3625289","full_name":"eval/su_attr_accessibility","owner":"eval","description":"Define roles that have access to all attributes of an AR-model","archived":false,"fork":false,"pushed_at":"2012-03-06T14:35:41.000Z","size":100,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-09T06:12:27.400Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"femmebot/google-type","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eval.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-03-05T08:47:54.000Z","updated_at":"2019-08-13T14:58:16.000Z","dependencies_parsed_at":"2022-08-20T14:50:49.118Z","dependency_job_id":null,"html_url":"https://github.com/eval/su_attr_accessibility","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eval%2Fsu_attr_accessibility","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eval%2Fsu_attr_accessibility/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eval%2Fsu_attr_accessibility/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eval%2Fsu_attr_accessibility/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eval","download_url":"https://codeload.github.com/eval/su_attr_accessibility/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252598315,"owners_count":21774235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T15:40:54.196Z","updated_at":"2025-05-06T00:31:24.833Z","avatar_url":"https://github.com/eval.png","language":"Ruby","readme":"# SuAttrAccessibility\n\n## Usage\n\nUsing `attr_accessible` you can explicitly define what attributes of a model can be mass assigned.\nAs of Rails 3.1 you can even specify these attributes per role.\n\nSo given the following model:\n\n```ruby\n# app/models/user.rb\n\n# Table name: users\n#\n# id :integer(4) not null, primary key\n# name :string(255)\n# is_admin :boolean(1)\nclass User \u003c ActiveRecord::Base\n attr_accessible :name, :as =\u003e :user_input\nend\n```\n\n...we stay safe when POSTed (possibly malicious) data is involved in mass assignment:\n\n```ruby\n\u003e params = {:name =\u003e 'Gert', :is_admin =\u003e true}\n\u003e user = User.new(params, :as =\u003e :user_input)\nWARNING: Can't mass-assign protected attributes: is_admin\n=\u003e #\u003cUser id: nil, name: \"Gert\", is_admin: nil\u003e\n```\n\nWhile this is all good and fine for handling params in controllers, a whole lot of other parts of your application (e.g. tests, the console, any non-controller code) probably don't want to deal with these restrictions.\n\nThough you could use `:without_protection =\u003e true` to bypass these restrictions, this gem let's you define a role that essentialy does the same:\n\n```ruby\nclass User \u003c ActiveRecord::Base\n attr_accessible :name, :as =\u003e :user_input\n su_attr_accessible_as :admin\nend\n\n\u003e params = {:name =\u003e 'Gert', :is_admin =\u003e true}\n\u003e user = User.new(params, :without_protection =\u003e true)\n=\u003e #\u003cUser id: nil, name: \"Gert\", is_admin: true\u003e\n\u003e user = User.new(params, :as =\u003e :admin)\n=\u003e #\u003cUser id: nil, name: \"Gert\", is_admin: true\u003e\n```\n\n## But wait, there's more!\n\nDo we really care about any role when we're *not* dealing with submitted data? Probably not.\nThis is when this gem is even better: we can pass the default-role to `su_attr_accessible_as` and forget about any role except for the parts where we really care:\n\n```ruby\nclass User \u003c ActiveRecord::Base\n attr_accessible :name, :as =\u003e :user_input\n su_attr_accessible_as :default\nend\n\n# on the console and in our tests:\n\u003e params = {:name =\u003e 'Gert', :is_admin =\u003e true}\n\u003e user = User.new(params)\n=\u003e #\u003cUser id: nil, name: \"Gert\", is_admin: true\u003e\n\n# in our controllers we keep using the user_input-role:\n\u003e user = User.new(params, :as =\u003e :user_input)\nWARNING: Can't mass-assign protected attributes: is_admin\n=\u003e #\u003cUser id: nil, name: \"Gert\", is_admin: nil\u003e\n```\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n gem 'su_attr_accessibility'\n\nAnd then execute:\n\n $ bundle\n\nOr install it yourself as:\n\n $ gem install su_attr_accessibility\n\n\n## Contributing\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Added some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\n## Author\n\nGert Goet (eval) :: gert@thinkcreate.nl :: @gertgoet\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feval%2Fsu_attr_accessibility","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feval%2Fsu_attr_accessibility","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feval%2Fsu_attr_accessibility/lists"}