search

inossidabile / protector

Comfortable (seriously) white-list security restrictions for models on a field level
MIT License
270 stars 31 forks source link

StrongParameters issue #30

Closed AlexanderPavlenko closed 11 years ago

AlexanderPavlenko commented 11 years ago 
(rdb:1) permitted_params
{"email"=>"t2@example.com", "password"=>"", "global_role"=>[""], "user_roles_attributes"=>{"0"=>{"id"=>"3", "_destroy"=>"0", "domain_id"=>"3", "role"=>["", "domain_member"]}}}
(rdb:1) permitted_params.permitted?
true
(rdb:1) @user.assign_attributes permitted_params
Unpermitted parameters: password, global_role, user_roles_attributes
nil
(rdb:1) Protector.insecurely{[@user.assign_attributes(permitted_params), @user.save]}
[nil, true]