Is there a way to set the default attr_accessible in a rails project with Mongoid?
I asked the same question
https://groups.google.com/forum/?fromgroups#!topic/mongoid/xuBbuyhiFEU
It is not currently supported, but you can do a (straight forward) monkey patch (as Benedict suggested)
https://gist.github.com/1977438
It looks a lot like AR (you can check the AR code, I'll copy it here for simplicity)
ActiveSupport.on_load(:active_record) do
if app.config.active_record.delete(:whitelist_attributes)
attr_accessible(nil)
end
app.config.active_record.each do |k,v|
send "#{k}=", v
end
end
I've never used Mongoid, so it's pretty speculative, but due to the look and feel, AR uses the Railtie initializer to set attr_accessible (nil) when this config is right.
It doesn't look like it can be done in the config at the moment, but you can probably hook it up in some way to your own initializer. In Mongoid :: Fields, if the config for protected_sensitive_fields is true (default), it calls attr_protected for id, _id, and _type. This also blacklists active_authorizer. Perhaps you could fix this and provide a better configuration for the whitelist that calls attr_accessible (nil).
So yeah, it wouldn't be a bad idea to just make a patch and then submit a pull request. The last thing the ruby community wants is another high profile mass-use fiasco.
source to share
This will do the trick:
http://groups.google.com/group/mongoid/browse_thread/thread/de5a93a350b49c02?pli=1
source to share