Module: Ransackable

Extended by:

ActiveSupport::Concern

Included in:

AuditLogEntry, ContentBlock, MediaAsset, Permission, Redirect, VisitorError

Defined in:

lib/generators/ruby_cms/templates/models/concerns/ransackable.rb

Overview

Ransack 4 safety: every model exposed to Ransack must whitelist its searchable attributes/associations. This concern is a tiny DSL:

class ContactMessage < ApplicationRecord
include Ransackable
ransack_attrs :name, :email, :message_body, :read, :created_at
ransack_assocs :user
end

Default: nothing searchable. Sortable headers can't pass through unknown attributes, which is exactly the safety guarantee we want.