mass-assignment

Laravel 5.2 Model $fillable gets ignored?

你说的曾经没有我的故事 submitted on 2019-12-10 16:32:34
Question: I have a simple Model IsolatedQuery which consists of a name and query field. I have defined those two fields in the $fillable property of the model. The IsolatedQueryController@store looks like this: public function store(IsolatedQueryRequest $request) { IsolatedQuery::insert($request->all()); session()->flash('flash_message', 'Isolated Query succesvol opgeslagen'); return redirect('iq'); } For completeness, here is the Model's source (it is as little as I described it) <?php namespace App;

Should we use strong params when we update only one attribute?

你。 submitted on 2019-12-10 14:16:49
Question: I'm working on a Rails app and I have several actions (#delete_later, #ban_later and so on) where I only set one attribute from the request parameter (specifically, a reason field for doing that action). I was wondering if it is ok to do it like this: def ban_later @object.reason = params[:object][:reason] @object.save end Or is it a best practice to use strong params even in this situation? def ban_later @object.reason = object_params[:reason] @object.save end private def object_params

Delayed_job (2.1.4) error: Job failed to load: instance of IO needed. Handler nil

不想你离开。 submitted on 2019-12-09 23:59:37
Question: I created a simplistic achievements system and wanted to introduce delayed_job (2.1.4) to take care of the processing. However, the handler column in the delayed_jobs table is always nil, which results in the last_error text: Job failed to load: instance of IO needed. Handler nil Here is my setup: Achievement Observer class AchievementObserver < ActiveRecord::Observer observe User, Comment, ... def after_create(record) # initiate delayed job to check conditions Delayed::Job.enqueue(TrophyJob

nested attributes in simple_form returns mass assignment error

主宰稳场 submitted on 2019-12-09 22:36:47
Question: Models: class Topic < ActiveRecord::Base has_many :posts, :dependent => :destroy validates :name, :presence => true, :length => { :maximum => 32 } attr_accessible :name, :post_id end class Post < ActiveRecord::Base belongs_to :topic, :touch => true has_many :comments, :dependent => :destroy accepts_nested_attributes_for :topic attr_accessible :name, :title, :content, :topic, :topic_attributes end View: <%= simple_form_for :post, :url => { :controller => :posts, :action => "create" } do |f| %>

Mongoid: How to prevent undefined fields from being created by mass assignment?

前提是你 submitted on 2019-12-07 05:56:48
Question: Here's the code: class M include Mongoid::Document field :name end params = { name: "foo", age: 20 } M.create(params) #=> #<M name: "My Name", age: 20> Notice that age wasn't defined, yet it was saved. This is problematic (potentially a source of DoS) because a malicious user can add any parameters in POST and unknown fields with a large string can sneak in. (e.g. name=foo&bogus=#{'x'*1000000} ) So far, I couldn't find anything but attr_accessible , but it's not really great for Mongoid as

Rails: MassAssignmentSecurity::Error

半腔热情 submitted on 2019-12-06 11:34:36
Following the Ruby on Rails guide, a developer can't mass-assign protected fields but doesn't get an exception when trying to do it, right? But in my case, mass-assigning different params through the new method in a Rails application: @edition = Edition.new params[:edition] raises the following exception: ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: price Why? Did I understand something incorrectly? Is there a way not to get the mass-assignment exception? It's not convenient to delete protected attributes from hashes before assignments, I think. Update: Edition model: class Edition

Rails - Accepts_nested_attributes_for mass assignment error

心不动则不痛 submitted on 2019-12-06 07:23:19
Question: I am currently trying to set up a form with nested fields on a belongs_to relationship, but I am running into a mass assignment error. My code so far is as follows (some html removed): Sale model: class Sale < ActiveRecord::Base attr_accessible :customer_attributes belongs_to :customer accepts_nested_attributes_for :customer end new.html.erb: <div class="container"> <%= form_for :sale, :url => sales_path do |sale| -%> <%= sale.fields_for :customer do |customer_builder| %> <%= render :partial

Mongoid: How to prevent undefined fields from being created by mass assignment?

 ̄綄美尐妖づ submitted on 2019-12-05 08:49:12
Here's the code: class M include Mongoid::Document field :name end params = { name: "foo", age: 20 } M.create(params) #=> #<M name: "My Name", age: 20> Notice that age wasn't defined, yet it was saved. This is problematic (potentially a source of DoS) because a malicious user can add any parameters in POST and unknown fields with a large string can sneak in. (e.g. name=foo&bogus=#{'x'*1000000} ) So far, I couldn't find anything but attr_accessible , but it's not really great for Mongoid as you have to maintain the same field names in both field and attr_accessible all the time, in all models.

Laravel 4 mass assignment guarded not work

懵懂的女人 submitted on 2019-12-04 20:53:48
I wonder what is wrong in my code that I can't protect the 2 inputs username and password. In my controller: class AccountsController extends \BaseController { ... public function store() { $date = new \DateTime; $input['updated_at']=$date; $input['created_at']=$date; $input['username']=Input::get("username", ""); $input['password']=Input::get("password", ""); $input['sex']=Input::get("sex", ""); $input['dob']=Input::get("dob", ""); $input['dob']= date("Y-m-d", strtotime($input['dob'])); $v=Validator::make($input, Account::$register_rules); $input['password']=Hash::make($input['password']); if($v-

Delayed_job (2.1.4) error: Job failed to load: instance of IO needed. Handler nil

我与影子孤独终老i submitted on 2019-12-04 19:03:45
I created a simplistic achievements system and wanted to introduce delayed_job (2.1.4) to take care of the processing. However, the handler column in the delayed_jobs table is always nil, which results in the last_error text: Job failed to load: instance of IO needed. Handler nil Here is my setup: Achievement Observer class AchievementObserver < ActiveRecord::Observer observe User, Comment, ... def after_create(record) # initiate delayed job to check conditions Delayed::Job.enqueue(TrophyJob.new(record.id, record.class.name)) end ... end Trophy Job class TrophyJob < Struct.new(:record_id,