Forum: Ruby on Rails update_attributes workaround needed?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
6fe135329ce89e00b74839a41c8e3872?d=identicon&s=25 Ehud Rosenberg (ehudros)
on 2007-04-19 23:18
Hi everyone,
I'm doing white list validations on the controller side so that
malformed data would not get to the database. However, this seems to be
tricky when updating an entity since I can't find a way to seperate the
attribute updating from the saving itself.
What i'm looking for is a way to either run white_list on the parameters
in the params array (I don't know if accessing a specific param is even
possible)
or running it on the entity itself before it is saved.

currently the code is as follows:

@post = Post.find(params[:id])
 if @post.update_attributes(params[:post])
   ...
 end

I cant seem to access the input received from the form independently
(like params[:body] if I had a body text field in the form), and since
update_attributes updates the attributes and also saves the data I'm
stuck...

Any ideas?

Thanks,
Ehud
0c660cb450f33249b6b23bcb84f0d63b?d=identicon&s=25 Dylan Markow (Guest)
on 2007-04-20 01:50
To access the "body" field, you would do the following:

params[:post][:body]
821395fe70906c8290df7f18ac4ac6cf?d=identicon&s=25 Rick Olson (Guest)
on 2007-04-20 06:24
(Received via mailing list)
On 4/19/07, Dylan Markow <rails-mailing-list@andreas-s.net> wrote:
>
> To access the "body" field, you would do the following:
>
> params[:post][:body]

You can also do @post.attributes = params[:post].  It updates the
attributes without saving them to the database.


--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
520373e1a8d7a368c45c3a430832063d?d=identicon&s=25 Piotr Wlodarek (qertoip)
on 2007-04-20 10:13
Ehud Rosenberg wrote:

> Any ideas?

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model's valid? method.
6fe135329ce89e00b74839a41c8e3872?d=identicon&s=25 Ehud Rosenberg (ehudros)
on 2007-04-21 16:33
Piotr Wlodarek wrote:
> Ehud Rosenberg wrote:
>
>> Any ideas?
>
> In Rails, input validation should be done in model, not in controller.
>
> Then you will be given false or exception when trying to save invalid
> object. You will also be able to use model's valid? method.

hmm... that sounds reasonable. How can I hook to the save method and run
white list on the relevant columns before they are inserted to the
database?
520373e1a8d7a368c45c3a430832063d?d=identicon&s=25 Piotr Wlodarek (qertoip)
on 2007-04-21 21:02
Ehud Rosenberg wrote:

>> In Rails, input validation should be done in model, not in controller.
>>
>> Then you will be given false or exception when trying to save invalid
>> object. You will also be able to use model's valid? method.
>
> hmm... that sounds reasonable. How can I hook to the save method and run
> white list on the relevant columns before they are inserted to the
> database?

Use Rails Validations.
6fe135329ce89e00b74839a41c8e3872?d=identicon&s=25 Ehud Rosenberg (ehudros)
on 2007-04-21 22:23
> Use Rails Validations.

I'm not sure validations are what I'm looking for...
I want to mannipulate the data saved, not run a test on it whether it
caontains forbidden strings. It would probably work as the validate
method run for each save, but would not be very pretty imo.

Is there another way to hook into the save mechanism of a model?
6fe135329ce89e00b74839a41c8e3872?d=identicon&s=25 Ehud Rosenberg (ehudros)
on 2007-04-21 23:37
Ehud Rosenberg wrote:
>
>> Use Rails Validations.
>
> I'm not sure validations are what I'm looking for...
> I want to mannipulate the data saved, not run a test on it whether it
> caontains forbidden strings. It would probably work as the validate
> method run for each save, but would not be very pretty imo.
>
> Is there another way to hook into the save mechanism of a model?

found it myself - before_validation is what im looking for
This topic is locked and can not be replied to.