Improve docs for attr_accessible|protected related to Hash#except|slice

2012-03-06 09:12:29 -03:00 · 2012-03-06 09:12:29 -03:00 · e64dbb5b36
commit e64dbb5b36
parent 945ee35933
1 changed files with 10 additions and 8 deletions
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ b/activemodel/lib/active_model/mass_assignment_security.rb
@ -85,7 +85,7 @@ module ClassMethods
      #     end
      #   end
      #
-      # When using the :default role :
+      # When using the :default role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ "name" => "David", "email" => "a@b.com", :logins_count => 5 }, :as => :default)
@ -93,7 +93,7 @@ module ClassMethods
      #   customer.email # => "a@b.com"
      #   customer.logins_count    # => nil
      #
-      # And using the :admin role :
+      # And using the :admin role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ "name" => "David", "email" => "a@b.com", :logins_count => 5}, :as => :admin)
@ -107,8 +107,9 @@ module ClassMethods
      # To start from an all-closed default and enable attributes as needed,
      # have a look at +attr_accessible+.
      #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +attr_protected+
-      # to sanitize attributes won't provide sufficient protection.
+      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
+      # +attr_protected+ to sanitize attributes provides basically the same
+      # functionality, but it makes a bit tricky to deal with nested attributes.
      def attr_protected(*args)
        options = args.extract_options!
        role = options[:as] || :default
@ -152,7 +153,7 @@ def attr_protected(*args)
      #     end
      #   end
      #
-      # When using the :default role :
+      # When using the :default role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
@ -162,15 +163,16 @@ def attr_protected(*args)
      #   customer.credit_rating = "Average"
      #   customer.credit_rating # => "Average"
      #
-      # And using the :admin role :
+      # And using the :admin role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
      #   customer.name          # => "David"
      #   customer.credit_rating # => "Excellent"
      #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +attr_accessible+
-      # to sanitize attributes won't provide sufficient protection.
+      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
+      # +attr_accessible+ to sanitize attributes provides basically the same
+      # functionality, but it makes a bit tricky to deal with nested attributes.
      def attr_accessible(*args)
        options = args.extract_options!
        role = options[:as] || :default