Update_attributes workaround needed?

Hi everyone,
I’m doing white list validations on the controller side so that
malformed data would not get to the database. However, this seems to be
tricky when updating an entity since I can’t find a way to separate the
attribute updating from the saving itself.
What I’m looking for is a way to either run white_list on the parameters
in the params array (I don’t know if accessing a specific param is even
possible)
or running it on the entity itself before it is saved.

Currently the code is as follows:

@post = Post.find(params[:id])
if @post.update_attributes(params[:post])

end

I can’t seem to access the input received from the form independently
(like params[:body] if I had a body text field in the form), and since
update_attributes updates the attributes and also saves the data I’m
stuck…

Any ideas?

Thanks,
Ehud

To access the “body” field, you would do the following:

params[:post][:body]

On 4/19/07, Dylan M. wrote:

To access the “body” field, you would do the following:

params[:post][:body]

You can also do @post.attributes = params[:post]. It updates the
attributes without saving them to the database.


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

Piotr W. wrote:

Ehud R. wrote:

Any ideas?

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model’s valid? method.

hmm… that sounds reasonable. How can I hook to the save method and run
white list on the relevant columns before they are inserted to the
database?

Ehud R. wrote:

Any ideas?

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model’s valid? method.

Ehud R. wrote:

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model’s valid? method.

hmm… that sounds reasonable. How can I hook to the save method and run
white list on the relevant columns before they are inserted to the
database?

Use Rails Validations.

Ehud R. wrote:

Use Rails Validations.

I’m not sure validations are what I’m looking for…
I want to manipulate the data saved, not run a test on it whether it
contains forbidden strings. It would probably work as the validate
method runs for each save, but would not be very pretty imo.

Is there another way to hook into the save mechanism of a model?

Found it myself - before_validation is what I’m looking for

Use Rails Validations.

I’m not sure validations are what I’m looking for…
I want to manipulate the data saved, not run a test on it whether it
contains forbidden strings. It would probably work as the validate
method runs for each save, but would not be very pretty imo.

Is there another way to hook into the save mechanism of a model?
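
The approach the thread arrives at, as an added example that is not part of the original posts and is not Rails code: sanitizing in a before_validation hook covers both plain attribute assignment and update_attributes. Assumptions: this Post is a plain-Ruby stand-in for the ActiveRecord model, STORE stands in for the database table, and white_list here is a constructed substitute for the helper named in the thread.

```ruby
require "cgi/escape"
# Constructed stand-in for the white_list helper: escape everything, then
# restore only bare tags (no attributes) whose name is on the allow list.
ALLOWED_TAGS = %w[b i em strong p].freeze

def white_list(text)
  CGI.escapeHTML(text.to_s).gsub(%r{&lt;(/?)(\w+)&gt;}) do
    ALLOWED_TAGS.include?($2.downcase) ? "<#{$1}#{$2}>" : $&
  end
end

# Hypothetical model (not ActiveRecord) mimicking assign -> hook -> validate -> save.
class Post
  STORE = {} # plays the role of the posts table
  attr_reader :id, :attributes

  def initialize(id, attrs = {})
    @id, @attributes = id, {}
    self.attributes = attrs
  end

  # Like `@post.attributes = params[:post]`: assigns, does not persist.
  def attributes=(attrs)
    attrs.each { |k, v| @attributes[k.to_sym] = v }
  end

  # Like update_attributes: assign and save in one call.
  def update_attributes(attrs)
    self.attributes = attrs
    save
  end

  def save
    before_validation
    return false unless valid?
    STORE[id] = @attributes.dup
    true
  end

  def valid?
    !@attributes[:body].to_s.strip.empty?
  end

  private
  # The hook: runs on every save path, so the controller needs no special handling.
  def before_validation
    @attributes[:body] = white_list(@attributes[:body])
  end
end
```

In an actual Rails model the equivalent is a method registered with before_validation; the controller code from the first post then stays unchanged.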