Rails 2.0 turn on mass assignment

Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.

if it’s only one attribute, why not just assign with:

@object.update_attribute(:attribute, value)

On Feb 11, 2008, at 12:40 , Nuwan Chaturanga wrote:

Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.

Protected attributes are ignored in mass-assignment, that’s the whole
point of attr_protected!

If the plugin sets the attribute with regular assignment it will get
saved anyway, I mean this sequence updates the protected attribute:

model.protected_attribute = value
if model.update_attributes(params[:model])
  # protected was updated to value, no matter
  # what params[:model] has about it
end

If the plugin uses mass-assignemnt itself either the atribute cannot
be protected or else you need to patch the plugin.

– fxn

On 2/11/08, Xavier N. [email protected] wrote:

On Feb 11, 2008, at 12:40 , Nuwan Chaturanga wrote:

Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.

Protected attributes are ignored in mass-assignment, that’s the whole
point of attr_protected!

Correct! The OP should think about WHY the plugin is protecting the
attribute from mass assignment.

The reason this gets done in general is for security, to keep a
bad-guy user from changing things that shouldn’t be (passwords?
permissions? …) by forging uri’s with say, additionally query
parameters in the URI.


Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/

Rick,

The real problem I am facing here is the plugin I use
(acts_as_better_nested_set) declares the column “parent_id” as
attr_protected which I need in a controller to reffer to the parent
object of the cutrrent node (I doubt this plugin was written prior to
Rails 2.0). I send parent_id as a hidden field value from view to the
controller where its get discarded. (I am creating a category tree
here)

in categories_controller

def create
@category = Category.new(params[:category])
pid = params[:category][:parent_id]
if(!@pid.blank?)
parent = Category.find_by_parent_id(@pid)
parent.add_child(@category) #error here
end
#other stuff
end

parent.add_child(@category) is the code where the error is thrown. It
says “a category can not be found without an Id”.

do you have any ideas?

Thanks a lot. I followed the plugin API and it worked.

On Feb 12, 2008, at 4:42 , Nuwan Chaturanga wrote:

The real problem I am facing here is the plugin I use
(acts_as_better_nested_set) declares the column “parent_id” as
attr_protected which I need in a controller to reffer to the parent
object of the cutrrent node (I doubt this plugin was written prior to
Rails 2.0).

You need to trust the plugin as a working assumption and tune your
expectations. If the attribute is protected there may be a good
reason, in principle a plugin author does not write

 attr_protected  acts_as_nested_set_options[:left_column].intern,
                 acts_as_nested_set_options[:right_column].intern,
                 acts_as_nested_set_options[:parent_column].intern

just arbitrarily. It could happen it is unnecessary, but the best
hypotheses to work on is it isn’t.

This structure needs some housekeeping for the right/left/parent
columns and I bet the library user is not supposed to deal with
parent_id directly, I guess you must go always through the API to
establish relationships.

– fxn