I was just working with a model where I am using attr_protected as
only certain attributes should be set depending on the context and I
was wondering if there is a convention when it comes to setting
multiple protected attributes?
The rubbish way
user = User.find(id)
user.name = params[:user][:name]
user.email = params[:user][:email]
One attribute per line is a bit tiresome, so you can do:
[:name, :email].each do |attr|
Is there an obvious nicer way I’m missing?
As an alternative I have made a quick monkey patch to AR::Base that
user.update_attributes_safely([:name, :email], params[:user])
This just picks the specified keys from the hash, ignoring the
protected attributes, but to me seems just as safe? Update_attributes
itself could easily be modified too instead of adding another method.
Anyone else do similar?