Similar to the attr_protected macro, this protects attributes of your model from mass-assignment, such as new(attributes) and attributes=(attributes) however, it does it in the opposite way. This locks all attributes and only allows access to the attributes specified. Assignment to attributes not in this list will be ignored and need to be set using the direct writer methods instead. This is meant to protect sensitive attributes from being overwritten by URL/form hackers. If you’d rather start from an all-open default and restrict attributes as needed, have a look at attr_protected.
Options
*attributes A comma separated list of symbols that represent columns not to be protected
Examples
class Customer < ActiveRecord::Base attr_accessible :name, :nickname end customer = Customer.new(:name => "David", :nickname => "Dave", :credit_rating => "Excellent") customer.credit_rating # => nil customer.attributes = { :name => "Jolly fellow", :credit_rating => "Superb" } customer.credit_rating # => nil customer.credit_rating = "Average" customer.credit_rating # => "Average"
Source Code
# File active_record/base.rb, line 853 def attr_accessible(*attributes) write_inheritable_attribute("attr_accessible", Set.new(attributes.map(&:to_s)) + (accessible_attributes || [])) end
<code/>and<pre/>for code samples.