Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.
if it’s only one attribute, why not just assign with:
@object.update_attribute(:attribute, value)
On Feb 11, 2008, at 12:40 , Nuwan Chaturanga wrote:
Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.
Protected attributes are ignored in mass-assignment, that’s the whole
point of attr_protected!
If the plugin sets the attribute with regular assignment it will get
saved anyway, I mean this sequence updates the protected attribute:
model.protected_attribute = value
if model.update_attributes(params[:model])
# protected was updated to value, no matter
# what params[:model] has about it
end
If the plugin uses mass-assignemnt itself either the atribute cannot
be protected or else you need to patch the plugin.
– fxn
On 2/11/08, Xavier N. [email protected] wrote:
On Feb 11, 2008, at 12:40 , Nuwan Chaturanga wrote:
Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.Protected attributes are ignored in mass-assignment, that’s the whole
point of attr_protected!
Correct! The OP should think about WHY the plugin is protecting the
attribute from mass assignment.
The reason this gets done in general is for security, to keep a
bad-guy user from changing things that shouldn’t be (passwords?
permissions? …) by forging uri’s with say, additionally query
parameters in the URI.
–
Rick DeNatale
My blog on Ruby
http://talklikeaduck.denhaven2.com/
Rick,
The real problem I am facing here is the plugin I use
(acts_as_better_nested_set) declares the column “parent_id” as
attr_protected which I need in a controller to reffer to the parent
object of the cutrrent node (I doubt this plugin was written prior to
Rails 2.0). I send parent_id as a hidden field value from view to the
controller where its get discarded. (I am creating a category tree
here)
in categories_controller
def create
@category = Category.new(params[:category])
pid = params[:category][:parent_id]
if(!@pid.blank?)
parent = Category.find_by_parent_id(@pid)
parent.add_child(@category) #error here
end
#other stuff
end
parent.add_child(@category) is the code where the error is thrown. It
says “a category can not be found without an Id”.
do you have any ideas?
Thanks a lot. I followed the plugin API and it worked.
On Feb 12, 2008, at 4:42 , Nuwan Chaturanga wrote:
The real problem I am facing here is the plugin I use
(acts_as_better_nested_set) declares the column “parent_id” as
attr_protected which I need in a controller to reffer to the parent
object of the cutrrent node (I doubt this plugin was written prior to
Rails 2.0).
You need to trust the plugin as a working assumption and tune your
expectations. If the attribute is protected there may be a good
reason, in principle a plugin author does not write
attr_protected acts_as_nested_set_options[:left_column].intern,
acts_as_nested_set_options[:right_column].intern,
acts_as_nested_set_options[:parent_column].intern
just arbitrarily. It could happen it is unnecessary, but the best
hypotheses to work on is it isn’t.
This structure needs some housekeeping for the right/left/parent
columns and I bet the library user is not supposed to deal with
parent_id directly, I guess you must go always through the API to
establish relationships.
– fxn