I have what I think is a simple question.
Validation appears to occur upon the read of an ActiveRecord attribute,
not on the write of that attribute.
Assuming a case where you may have some transformation that needs to
happen to the data on the way in, this can create situations where if
your inbound transformation inadventertently changes your data such that
it “becomes” valid, then unless you are careful to validate that data on
the write, a form could appear to allow invalid data.
Granted, I do believe this can only occur if the inbound transformation
itself allows successful data tranformation in cases that should have
been rejected by the validation. Basically, the setters need to be
aware of the validations as well.
A concrete example is for fax numbers that are stored internally as only
digits. The form may accept a few formatting characters however. The
validation should reject any invalid characters. If the setter for the
fax number strips out all of the character data before the call to
write_attribute(), then the validation, which is looking for invalid
characters doesn’t get tripped on the read back out and the object
updates. It then appears that the user can successfully input fax
numbers with invalid data.
So my question is, why aren’t the validation rules applied whenever an
AR setter is invoked instead of when the getter is invoked? It seems
that you would have to assume that all of the setters were of the form:
def set_method=(new_set_value)
…
end
meaning only one input parameter, and then this input parameter would be
what is validated.
What am I missing here?
Thanks,
Wes