Module Merb::ParamsFilter::ControllerMixin::ClassMethods
In: merb-param-protection/lib/merb-param-protection.rb

Methods

Public Instance methods

Filters parameters out from the default log string

 Params will still be passed to the controller properly, they will
 show up as [FILTERED] in the merb logs.

log_params_filtered :password, ‘token‘

[Source]

    # File merb-param-protection/lib/merb-param-protection.rb, line 73
73:           def log_params_filtered(*args)
74:             self.log_params_args = args.collect { |arg| arg.to_sym }
75:           end

Ensures these parameters are sent for the object

  params_accessible :post => [:title, :body]

[Source]

    # File merb-param-protection/lib/merb-param-protection.rb, line 55
55:           def params_accessible(args = {})
56:             assign_filtered_params(:accessible_params_args, args)
57:           end

Protects parameters of an object

  params_protected :post => [:status, :author_id]

[Source]

    # File merb-param-protection/lib/merb-param-protection.rb, line 63
63:           def params_protected(args = {})
64:             assign_filtered_params(:protected_params_args, args)
65:           end

Private Instance methods

[Source]

    # File merb-param-protection/lib/merb-param-protection.rb, line 79
79:           def assign_filtered_params(method, args)
80:             validate_filtered_params(method, args)
81: 
82:             # If the method is nil, set to initial hash, otherwise merge
83:             self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args)
84:           end

[Source]

     # File merb-param-protection/lib/merb-param-protection.rb, line 86
 86:           def validate_filtered_params(method, args)
 87:             # Reversing methods
 88:             params_methods = [:accessible_params_args, :protected_params_args]
 89:             params_methods.delete(method)
 90:             params_method = params_methods.first
 91: 
 92:             # Make sure the opposite method is not nil
 93:             unless self.send(params_method).nil?
 94:               # Loop through arg's keys
 95:               args.keys.each do |key|
 96:                 # If the key exists on the opposite method, raise exception
 97:                 if self.send(params_method).include?(key)
 98:                   case method
 99:                   when :accessible_params_args : raise "Cannot make accessible a controller (#{self}) that is already protected"
100:                   when :protected_params_args : raise "Cannot protect controller (#{self}) that is already accessible"
101:                   end
102:                 end
103:               end
104:             end
105:           end

[Validate]