Merb::ParamsFilter::RequestMixin

Attributes

trashed_params[RW]

Public Instance Methods

remove_params_from_object(obj, attrs = []) click to toggle source

Removes specified parameters of an object

Parameters

obj

Params key

attrs

Attributes to restrict

Example

  remove_params_from_object(:post, [:status, :author_id])

:api: plugin

     # File lib/merb-param-protection.rb, line 143
143:       def remove_params_from_object(obj, attrs = [])
144:         unless params[obj].nil?
145:           filtered = params
146:           attrs.each {|a| filtered[obj].delete(a)}
147:           @params = filtered
148:         end
149:       end
restrict_params(obj, attrs = []) click to toggle source

Restricts parameters of an object

Parameters

obj

Params key

attrs

Attributes to restrict

Example

  restrict_params(:post, [:title, :body])

:api: plugin

     # File lib/merb-param-protection.rb, line 161
161:       def restrict_params(obj, attrs = [])
162:         # Make sure the params for the object exists
163:         unless params[obj].nil?
164:           attrs = attrs.collect {|a| a.to_s}
165:           trashed_params_keys = params[obj].keys - attrs
166: 
167:           # Store a hash of the key/value pairs we are going
168:           # to remove in case we need them later.  Lighthouse Bug # 105
169:           @trashed_params = {}
170:           trashed_params_keys.each do |key|
171:             @trashed_params.merge!({key => params[obj][key]})
172:           end
173: 
174:           remove_params_from_object(obj, trashed_params_keys)
175:         end
176:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.