English 中文(简体)
bypass attr_accessible/protected in rails
原标题:

I have a model that, when it instantiates an object, also creates another object with the same user id.

class Foo > ActiveRecord::Base

after_create: create_bar

private

def create_bar
  Bar.create(:user_id => user_id #and other attributes)
end

end

In Bar.rb I have attr_protected to protect it from hackers.

class Bar > ActiveRecord::Base
  attr_protected :user_id, :created_at, :updated_at
end

As it stands now I can t seem to create a new Bar object without either disabling the attr_protected or having the Bar object s user_id go blank...

How can I let the bar object accept the :user_id attribute from foo without losing protection from attr_protected?

最佳回答

Try doing:

def create_bar
  bar = Bar.build(... other params ...)
  bar.user_id = user_id
  bar.save!
end
时间:2010-01-22 20:58:07
问题回答

When calling new, create, or find_or_create_by (and any others that end up calling new) you can pass an additional option, without_protection: true.

http://api.rubyonrails.org/v3.2.22/classes/ActiveRecord/Base.html#method-c-new

时间:2013-02-28 23:29:09

attr_protected filters the attributes in the attributes= method wich is called in new. You can solve your problem with:

def create_bar
  returning Bar.new( other attributes ) do |bar|
    bar.user_id = user_id
    bar.save!
  end
end
时间:2010-01-22 21:01:20


上一篇:
下一篇:


相关问题
rails collection_select vs. select

collection_select and select Rails helpers: Which one should I use? I can t see a difference in both ways. Both helpers take a collection and generates options tags inside a select tag. Is there a ...

时间:2009-11-13 11:13:04 回答:3 展示:1
SSL slowness in EC2

We ve deployed our rails app to EC2. In our setup, we have two proxies on small instances behind round-robin DNS. These run nginx load balancers for a dynamically growing and shrinking farm of web ...

时间:2009-11-13 03:37:45 回答:3 展示:1
Auth-code with A-Za-z0-9 to use in an URL parameter

As part of a web application I need an auth-code to pass as a URL parameter. I am currently using (in Rails) : Digest::SHA1.hexdigest((object_id + rand(255)).to_s) Which provides long strings like : ...

时间:2009-11-09 19:05:27 回答:4 展示:1
RubyCAS-Client question: Rails

I ve installed RubyCAS-Client version 2.1.0 as a plugin within a rails app. It s working, but I d like to remove the ?ticket= in the url. Is this possible?

时间:2009-11-09 18:52:58 回答:1 展示:1
activerecord has_many :through find with one sql call

I have a these 3 models: class User < ActiveRecord::Base has_many :permissions, :dependent => :destroy has_many :roles, :through => :permissions end class Permission < ActiveRecord::...

时间:2009-11-09 16:00:01 回答:3 展示:1
Ordering a hash to xml: Rails

I m building an xml document from a hash. The xml attributes need to be in order. How can this be accomplished? hash.to_xml

时间:2009-11-09 15:49:30 回答:5 展示:1
Text Editor for Ruby-on-Rails

guys which text editor is good for Rubyonrails? i m using Windows and i was using E-Texteditor but its not free n its expired now can anyone plese tell me any free texteditor? n which one is best an ...

时间:2009-11-09 14:40:21 回答:13 展示:1
How to get SQL queries for each user where env is production

I’m developing an application dedicated to generate statistical reports, I would like that user after saving their stat report they save sql queries too. To do that I wrote the following module: ...

时间:2009-11-09 14:20:51 回答:1 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全