mass-assignment

问题 Consider a Store that has_many Products which have_many Opinions. Here are Models: Store: class Store < ActiveRecord::Base attr_accessible :desc, :location, :name, :phone, :status, :url has_many :products has_many :opinions, :through => :products end Product: class Product < ActiveRecord::Base attr_accessible :desc, :name, :status, :url belongs_to :store has_many :opinions end finally, Opinion: class Opinion < ActiveRecord::Base attr_accessible :content, :eval, :status belongs_to :store

问题 I have added this fix https://gist.github.com/2382288 for protect all fields against mass assignment in mongoid app. in my config/initializers/mongoid.rb I have added this fix: module Mongoid module MassAssignmentSecurity extend ActiveSupport::Concern included do attr_accessible nil end end module Document include MassAssignmentSecurity end end My question is: this fix completely protects your application against attacks mass assignment? Or is recommended to add attr_accessible all the

问题 In my app, a Product has_many opinions, which are written by many clients. Here are models with associations: class Product < ActiveRecord::Base attr_accessible :name, :desc, :price has_many :opinions end class Client < ActiveRecord::Base attr_accessible :name, :bio has_many :opinions end class Opinion < ActiveRecord::Base attr_accessible :rate, :comment belongs_to :client, :product end In parameters, I have the evaluation invitation id, which helps me to get both product_id and client_id (so

问题 I am new in Laravel. This is my laravel controller: public function store() { $validator = Validator::make($data = Input::all(), City::$rules); if ($validator->fails()) { return Redirect::back()->withErrors($validator)->withInput(); } $image_temp=Input::file('image'); $name = Input::file('image')->getClientOriginalName(); $data['image']=''; if(Image::make($image_temp->getRealPath())->save('public/up/city/'.$name)){ $data['image']='up/city/'.$name; } City::create($data); return Redirect::route

问题 I've defined a virtual attribute: class ContactForm extends Model { public $name; // is not a DB field I've noticed that it is not populated during massive assignment (after submitting the form, in $model->load($_POST) ). Can it be somehow populated along with DB attributes? Or am I doing something wrong that is not populated however it should be? Thanks! 回答1: Docs: Massive Assignments Like normal models, Active Record instances also enjoy the massive assignment feature. Using this feature,

问题 I have the following model relationships: OrderModel: has_one :credit_card accepts_nested_attributes_for :credit_card attr_accessible :user_id, :date_updated, :date_finished, :amount, :payment_method, :status, :billing_cycle, :auth_net_subscription_id, :billing_start_date, :credit_card_attributes, :billing_address_id, :cc_id CreditCardModel: belongs_to :order Here is my Order Controller (orders#checkout) def checkout @order = current_order @cc = CreditCard.new @order.build_credit_card respond

问题 I am trying to add one field to my registration page that uses devise. I followed the instructions in the Devise document. The new field is the "role" field. I have already succesfully migrated it to the database. I am now trying to make it so that the signup works. Here is the new applicationcontroller: class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with:

问题 I've been looking around and trying to see how I would handle mass-assignment with Rails 4. I know this question has been beaten to death, but from my search, I've only come across answers that require the protected_attributes gem and attr_accessible. Now I'm not sure if that is still the industry standard on this, so I wanted to ask. I'm using Rails 4.0.1 and I am trying to figure out how I can limit specific parameter updates to admin accounts only. Here are the parameters: :title, :summary

问题 I have a model that doesn't seem to be mass assignable, even though I have filled in the $fillable fields: class LoginAttempt extends Eloquent { protected $table = 'login_history'; protected $fillable = array('remote_addr', 'user_agent', 'successful'); public function user() { return $this->belongsTo('User'); } } Which is using this schema: login_history id user_id remote_addr user_agent successful created_at updated_at When I mass assign the instance with these variables, $vars = array(

问题 I just spent quite some time trying to resolve a virtual attribute issue in my model. It turned out I'd simply forgotten to add it to attr_accesible in my model. Granted I should have caught it earlier or better should have started the whole endeavor by adding it to attr_accessible in the first place. To keep this from happening again, is there a configuration setting I can flag to throw an exception on development if I try to mass assign something and validate it when it is protected