Model Configuration
accessibleProperties()
Signature
Section titled “Signature”accessibleProperties() — returns void
Available in: model
Category: Miscellaneous Functions
Description
Section titled “Description”Use this method inside your model’s config() function to whitelist which properties can be set via mass assignment operations (such as updateAll(), updateOne() and etc). This helps protect your model from accidental or malicious updates to sensitive fields (e.g., isAdmin, passwordHash, etc.).
Parameters
Section titled “Parameters”| Name | Type | Required | Default | Description |
|---|---|---|---|---|
properties | string | no | — | Property name (or list of property names) that are allowed to be altered through mass assignment. |
Examples
Section titled “Examples”1. Allow only one property
// In app/models/User.cfc
function config() {
// Only allow `isActive` to be set through mass assignment
accessibleProperties("isActive");
}
// Example usage
User.updateAll(isActive=true);
2. Allow multiple properties
// In app/models/User.cfc
function config() {
// Allow name and email to be set
accessibleProperties("firstName,lastName,email");
}
// Example usage
User.create(firstName="new", lastName="user", email="new@example.com");
3. Dynamic restriction per model
// In app/models/Post.cfc
function config() {
if (application.env.environment == "production") {
// Lock down sensitive fields in production
accessibleProperties("title,content");
} else {
// In dev, keep it open for testing
}
}