How to create when attr_protected?

Hello,

I’m facing a small issue here with protected columns from being updated.
(email, username)

So I thought attr_protected is the solution, but this destroy my
creation of user?

I cannot assign email when creating new user?

How do I solve this small issue?

On Aug 12, 9:47 am, Jamal S. [email protected]
wrote:

Hello,

I’m facing a small issue here with protected columns from being updated.
(email, username)

So I thought attr_protected is the solution, but this destroy my
creation of user?

attr_protected means you cannot assign the attribute using create (or
update_attributes etc…)

It does not mean that you can’t do user.email = ‘…’

Fred

Frederick C. wrote:

On Aug 12, 9:47�am, Jamal S. [email protected]
wrote:

Hello,

I’m facing a small issue here with protected columns from being updated.
(email, username)

So I thought attr_protected is the solution, but this destroy my
creation of user?

attr_protected means you cannot assign the attribute using create (or
update_attributes etc…)

It does not mean that you can’t do user.email = ‘…’

Fred

Thanks for fast answer.

well, that’s a problem then because I need to assign everything myself?

In my controller I did this normally.

For new user

@user = User.new(params[:user])
@user.save

When updating

@user = session[:user] // when logged in
@user.update_attributes(params[:user])

Is this wrong?

When can I use before_update and before_create to handle these cases?

I also think update_attributes goes through all the columns before
updating to check if any variable has changed :S

On Aug 12, 10:02 am, Jamal S. [email protected]
wrote:

Thanks for fast answer.

well, that’s a problem then because I need to assign everything myself?

only for those attributes marked as protected.

Fred

So I must do something like this then for now…

@user = session[:user]
@user.postal = params[:user][:postal]
@user.birthday = params[:user][:birthday]
@user.save

Just to be 100% sure that no one can update anything else :slight_smile:

Or you could use attr_readonly method (http://api.rubyonrails.org/
classes/ActiveRecord/Base.html#M002282).

On 12 août, 05:07, Jamal S. [email protected]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs