Gary Weaver
2012-Aug-14 14:52 UTC
Could requirement for _attributes suffix for association names in mass assignment security and model data go away in Rails 4?
When using mass assignment security (attr_accessible, attr_protected) and accepts_nested_attributes_for, and when passing in the associated models in a request, an _attributes suffix must be added to the key/name of the attribute, even though accepts_nested_attributes_for does not require the _attributes suffix on the association's name.

In the spirit of DRY, it seems like if an association has been declared, the model should know that some_association_name is an association without having to add the _attributes suffix in attr_accessible and in JSON requests.

Could Rails 4 do away with the need for the _attributes suffix in mass assignment security when referring to some_association_name that has accepts_nested_attributes_for? It seems awfully repetitive to have to specify that over and over for little reason. If anything, it seems like some new class methods specific to associations for mass assignment security would make more sense if it is having to look for an _attributes suffix.

Thanks,
Gary

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-core/-/UppoVeoOtLoJ.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
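The behaviour described in the message above, as an added example that is not part of the original thread and is not Rails code: a plain-Ruby stand-in showing that the whitelist is matched against the literal request key, while the nested-attributes macro defines a writer named `<association>_attributes=`. `MiniModel`, the two `Post*` classes and `PARAMS` are hypothetical names with constructed data.

```ruby
# Simplified stand-in for the Rails 3.2 behaviour discussed in this thread.
# Not Rails code: MiniModel and everything defined on it is hypothetical.
class MiniModel
  class << self
    def accessible; @accessible ||= []; end
    # Whitelist keys for mass assignment, in the manner of attr_accessible.
    def attr_accessible(*names)
      accessible.concat(names.map(&:to_s))
    end
    # In the manner of accepts_nested_attributes_for: takes the association
    # name, but the writer it defines is "<association>_attributes=".
    def accepts_nested_attributes_for(assoc)
      define_method("#{assoc}_attributes=") do |rows|
        instance_variable_set("@#{assoc}", rows.map(&:dup))
      end
      define_method(assoc) { instance_variable_get("@#{assoc}") || [] }
    end
  end

  attr_reader :rejected

  # Mass assignment: filter on the literal key name, then call "<key>=".
  def assign_attributes(params)
    @rejected = []
    params.each do |key, value|
      if self.class.accessible.include?(key.to_s)
        public_send("#{key}=", value)
      else
        @rejected << key.to_s # dropped, never assigned
      end
    end
    self
  end
end

class PostByAssociationName < MiniModel
  attr_accessor :title
  accepts_nested_attributes_for :comments
  attr_accessible :title, :comments            # association name only
end

class PostBySuffix < MiniModel
  attr_accessor :title
  accepts_nested_attributes_for :comments
  attr_accessible :title, :comments_attributes # key the request really carries
end

# Constructed request parameters; "admin" stands for a field no one whitelisted.
PARAMS = { "title" => "Hello", "comments_attributes" => [{ "body" => "first" }],
           "admin" => true }
```

Whitelisting only the association name leaves the nested rows filtered out alongside the unlisted `admin` key; listing `comments_attributes` lets them through while `admin` is still dropped.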
Steve Klabnik
2012-Aug-14 14:55 UTC
Re: Could requirement for _attributes suffix for association names in mass assignment security and model data go away in Rails 4?
Even better: mass assignment security is going away: https://github.com/rails/strong_parameters
Carlos Antonio da Silva
2012-Aug-14 15:39 UTC
Re: Could requirement for _attributes suffix for association names in mass assignment security and model data go away in Rails 4?
As an addition, accepts_nested_attributes is a feature *meant* for associations, whereas mass assignment helpers - attr_accessible and friends - are not. I don't think it's worth changing it in a way that checks for associations when they're called for each attribute; that'd be a lot of effort for what is not the majority of use cases (i.e. it'd slow down the attribute definitions to search for associations).

Just my two cents :).

On Tue, Aug 14, 2012 at 11:55 AM, Steve Klabnik <steve@steveklabnik.com> wrote:

> Even better: mass assignment security is going away:
> https://github.com/rails/strong_parameters

--
At.
Carlos Antonio
Gary Weaver
2012-Aug-14 15:53 UTC
Re: Could requirement for _attributes suffix for association names in mass assignment security and model data go away in Rails 4?
Steve,

Cool! I just went back and read a post that a co-worker sent me a link to: http://broadcastingadam.com/2012/03/state_of_rails_apis/

That post mentioned "I hope that dhh's strong parameters is merged into Rails 4", and I didn't know that was planned to be the case now. I didn't see it in the Gemfile for Rails either. Know what the roadmap for including that is?

Thanks!
Gary

On Tuesday, August 14, 2012 10:55:18 AM UTC-4, Steve Klabnik wrote:

> Even better: mass assignment security is going away:
> https://github.com/rails/strong_parameters
Steve Klabnik
2012-Aug-14 15:56 UTC
Re: Could requirement for _attributes suffix for association names in mass assignment security and model data go away in Rails 4?
The work is being done here: https://github.com/rails/rails/tree/integrate-strong_parameters

I'm not sure what the timetable is.