Rails core - Aug 2012 - Any interest in "sudo" methods for bypassing mass-assignment?

I wrote a gem <https://github.com/beerlington/sudo_attributes> a while ago
that adds sudo_* methods to ActiveRecord models to bypass mass-assignment 
protection, and I was curious if there would be any interest in adding 
similar functionality to Rails. I find it really useful when you want to 
quickly create a few records in the console, but can''t remember the
syntax
for "without_protection" or which role can update which attributes. 
Other potential uses could be for seed data and tests.

Here are a few examples of how you might use it:

# Given a User class
class User < ActiveRecord::Base
  attr_accessible :nameend

# Creating a new user> User.sudo_create(name: ''Pete'',
email: ''email@example.com'', account: Account.first)

# Updating an existing user
> new_account = Account.last
> User.find(1).sudo_update_attributes(account: new_account)
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-core/-/D1l2gNvoaoQJ.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

> but can''t remember the syntax for "without_protection"

At the risk of asking the obvious question, what exactly is so confusing about..
User.create({name: ''Pete'', email:
''email@example.com'', account: Account.first},
without_protection: true)
and…
User.find(1).update_attributes({account: new_account}, without_protection: true)
?

Maybe it''s just me, but the differences between this and sudo_* seems
so minimal that I don''t think it''s worth it.

Godfrey

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

We are going to remove mass-assignment protection in the model layer from
the core so I think we are not interested.

Rafael Mendonça França
http://twitter.com/rafaelfranca
https://github.com/rafaelfranca



On Sun, Aug 12, 2012 at 11:39 PM, Godfrey Chan <godfreykfc@gmail.com>
wrote:
> but can''t remember the syntax for "without_protection"
>
>
> At the risk of asking the obvious question, what exactly is so confusing
> about..
>
> User.create({name: ''Pete'', email:
''email@example.com'', account: Account.first},
without_protection: true)
>
> and…
>
> User.find(1).update_attributes({account: new_account}, without_protection:
true)
>
> ?
>
> Maybe it''s just me, but the differences between this and sudo_*
seems so
> minimal that I don''t think it''s worth it.
>
> Godfrey
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To post to this group, send email to rubyonrails-core@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-core+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-core?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

Rafael, 

That''s good to know, thanks!

On Sunday, August 12, 2012 10:45:53 PM UTC-4, Rafael Mendonça França
wrote:
>
> We are going to remove mass-assignment protection in the model layer from 
> the core so I think we are not interested.
>
> Rafael Mendonça França
> http://twitter.com/rafaelfranca
> https://github.com/rafaelfranca
>
>
>
> On Sun, Aug 12, 2012 at 11:39 PM, Godfrey Chan
<godfr...@gmail.com<javascript:>
> > wrote:
>
>> but can''t remember the syntax for
"without_protection"
>>
>>
>> At the risk of asking the obvious question, what exactly is so
confusing
>> about..
>>
>> User.create({name: ''Pete'', email:
''em...@example.com <javascript:>'', account:
Account.first}, without_protection: true)
>>
>> and…
>>
>> User.find(1).update_attributes({account: new_account},
without_protection: true)
>>
>> ?
>>
>> Maybe it''s just me, but the differences between this and
sudo_* seems so
>> minimal that I don''t think it''s worth it.
>>
>> Godfrey
>>
>> -- 
>> You received this message because you are subscribed to the Google
Groups
>> "Ruby on Rails: Core" group.
>> To post to this group, send email to
rubyonra...@googlegroups.com<javascript:>
>> .
>> To unsubscribe from this group, send email to 
>> rubyonrails-co...@googlegroups.com <javascript:>.
>> For more options, visit this group at 
>> http://groups.google.com/group/rubyonrails-core?hl=en.
>>
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-core/-/Xy6meZA2JuEJ.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

> That''s good to know, thanks!
https://github.com/rails/strong_parameters for more deets.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.