2 def check_update_whitelist permitted_fields
3 attribute_names.each do |field|
4 if not permitted_fields.include? field.to_sym and self.send((field.to_s + "_changed?").to_sym)
5 errors.add field, "illegal update of field"
10 def validate_state_change
11 if self.state_changed?
12 unless state_transitions[self.state_was].andand.include? self.state
13 errors.add :state, "invalid state change from #{self.state_was} to #{self.state}"