I know the debate of whether this should validate has been rehashed
many times. My question is, what are the consequences of overriding
this method to force validation? Will this break fundamental things?
Will it break plugins? Is there a reason not to have a strict
validation option?
In my code I will never use this as I consider it a terribly broken
method, but some gems use it and in one case I was just burned.
I do not want invalid objects in my database under any circumstances,
since the rest of my code rationally depends on validations - e.g. I
don’t check for null associations when the association is validated to
be there.
For the uninitiated, update_attribute:
-
Does not ever validate the object, causing a massive hole in your
validation schemes. For instance, if a validation depends on anything
you update with update_attribute, that validation will not work. -
Updates ALL fields if the object has been modified. @user.email =
‘invalidemail’; @user.update_attribute(:state, ‘registered’); will
always put an invalid email in your database. -
Saves the object regardless of whether it’s been persisted. E.g.
User.new.update_attribute(:state, ‘registered’) will always save a new
user object, even if you have all kinds of validations to guarantee
associations and properties are present. This is likely to seriously
break your application if it happens.