Is it safe to allow mass assignment of associations?

Item belongs_to :user
attr_accessible :user

is this safe? Item.user_id is still protected, and Item.user can’t be
set by mass assignment from a web request because the parameters are
all strings - trying to assign a string to Item.user raises
AssociationTypeMismatch. Even setting params[‘item’][‘user’] to an
empty string would raise an error.

The benefit of this approach is that I can still use mass assignment
of associations in my own code.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs