attr-accessible

Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your gemfile

旧城冷巷雨未停 提交于 2019-12-30 05:03:41
问题 This happened when I added an attr_accessible to my Relationship model. class Relationship < ActiveRecord::Base attr_accessible :followed_id end Without using Devise or a protected_attributes gem, what is the way around this? I know that in controllers you call a private method requiring and permitting fields. Is this something you should do in the model too? What is the convention here? Thanks! 回答1: In Rails 4 you use Strong Parameters instead of Protected Attributes. (You don't need to

attr_accessible in rails Active Record

怎甘沉沦 提交于 2019-12-28 15:23:07
问题 When I use the attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean something that I didn't specify as attr_accessible won't be accessible as well through console ? 回答1: This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model: >> Person.new(:protected => "test") => #<Person protected: nil> Conversely, you could set all attributes you want as accessible using attr_accessible .

attr_accessible in rails Active Record

冷暖自知 提交于 2019-12-28 15:21:17
问题 When I use the attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean something that I didn't specify as attr_accessible won't be accessible as well through console ? 回答1: This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model: >> Person.new(:protected => "test") => #<Person protected: nil> Conversely, you could set all attributes you want as accessible using attr_accessible .

In Rails, how do I limit which attributes can be updated, without preventing them from being created?

纵然是瞬间 提交于 2019-12-24 13:05:17
问题 I have a situation where an attribute can be created through a JSON API. But once it is created, I want to prevent it from ever being updated. This constraint causes my first solution, which is using attr_accessible , to be insufficient. Is there a nice way to handle this type of situation in rails, or do I have to perform a manual check in the update method? 回答1: You can use attr_readonly, this will allow the value to be set on creation, but ignored on update. Example: class User <

rails attr_accessible rspec check

假装没事ソ 提交于 2019-12-22 05:51:11
问题 When I want to test if attribute is / is not accessible with RSpec I'm doing it like this class Foo attr_accesible :something_else end describe Foo do it('author should not be accessible') {lambda{described_class.new(:author=>true)}.should raise_error ActiveModel::MassAssignmentSecurity::Error} it('something_else should be accessible'){lambda{described_class.new(:something_else=>true)}.should_not raise_error ActiveModel::MassAssignmentSecurity::Error} end is there better way doing that ? ..

Using Rails 3.1 :as => :admin for updating attributes protected by attr_accessible

懵懂的女人 提交于 2019-12-18 19:37:14
问题 After reading about attr_accessible in the Rails 3.1 API, I see that there is an as :admin option in there. I would like to know two things. If the user has an admin flag, how do does my controller tell my model that the user is an admin. If the user is an owner, can i specify :as => owner in my model, and once again how does my controller inform my model they are the owner of an item. 回答1: There is no built-in integration with models; you pass in the role in the assign_attributes call:

rails attr_accessible rspec check

生来就可爱ヽ(ⅴ<●) 提交于 2019-12-05 07:30:51
When I want to test if attribute is / is not accessible with RSpec I'm doing it like this class Foo attr_accesible :something_else end describe Foo do it('author should not be accessible') {lambda{described_class.new(:author=>true)}.should raise_error ActiveModel::MassAssignmentSecurity::Error} it('something_else should be accessible'){lambda{described_class.new(:something_else=>true)}.should_not raise_error ActiveModel::MassAssignmentSecurity::Error} end is there better way doing that ? ...thx This is the way attribute accessibility tests are done in the Rails Tutorial , which I think are

attr_accessible in rails Active Record

馋奶兔 提交于 2019-11-28 10:03:43
When I use the attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean something that I didn't specify as attr_accessible won't be accessible as well through console ? This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model: >> Person.new(:protected => "test") => #<Person protected: nil> Conversely, you could set all attributes you want as accessible using attr_accessible . However, the following will still work: >> person = Person.new => #<Person protected: nil> >> person

Forbidden Attributes Error in Rails 4 when encountering a situation where one would have used attr_accessible in earlier versions of Rails

喜你入骨 提交于 2019-11-28 06:44:11
With the recent upgrade to Rails 4, updating attributes using code resembling the below does not work, I get a ActiveModel::ForbiddenAttributes error: @user.update_attributes(params[:user], :as => :admin) Where User has the following attr_accessible line in the model: attr_accessible :role_ids, :as =>admin # or any attribute other than :role_ids contained within :user How do you accomplish the same task in Rails 4? Rails 4 now has features from the strong_parameters gem built in by default. One no longer has to make calls :as => :admin , nor do you need the attr_accessible :user_attribute, :as

Using attr_accessor and attr_accessible on the same field

独自空忆成欢 提交于 2019-11-27 07:27:39
What happens in the background with the following code? class User < ActiveRecord::Base attr_accessor :name attr_accessible :name end Hint: When instantiating the class, will it be persisted to the database? Why or why not? attr_accessor is ruby code and is used when you do not have a column in your database, but still want to show a field in your forms. The only way to allow this is to attr_accessor :fieldname and you can use this field in your View, or model, if you wanted, but mostly in your View. attr_accessible allows you to list all the columns you want to allow Mass Assignment, as andy
订阅 attr-accessible