This pull request deals with #14 by eliminating the default behavior of synthesizing a whitelist (which likely includes attributes that a client isn't meant to be able to set directly, including foreign keys and sensitive stuff like is_admin on a User object). It also updates the docs to describe usage with strong parameters (in Rails 4+, or Rails 3 with the strong_parameters gem.
See discussion on the ticket for more particulars...
This pull request deals with #14 by eliminating the default behavior of synthesizing a whitelist (which likely includes attributes that a client isn't meant to be able to set directly, including foreign keys and sensitive stuff like
is_adminon aUserobject). It also updates the docs to describe usage with strong parameters (in Rails 4+, or Rails 3 with thestrong_parametersgem.See discussion on the ticket for more particulars...