Rails - Apr 2007 - update_attributes workaround needed?

Hi everyone,
I''m doing white list validations on the controller side so that
malformed data would not get to the database. However, this seems to be
tricky when updating an entity since I can''t find a way to seperate the
attribute updating from the saving itself.
What i''m looking for is a way to either run white_list on the
parameters
in the params array (I don''t know if accessing a specific param is even
possible)
or running it on the entity itself before it is saved.

currently the code is as follows:

@post = Post.find(params[:id])
 if @post.update_attributes(params[:post])
   ...
 end

I cant seem to access the input received from the form independently
(like params[:body] if I had a body text field in the form), and since
update_attributes updates the attributes and also saves the data I''m
stuck...

Any ideas?

Thanks,
Ehud

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

To access the "body" field, you would do the following:

params[:post][:body]

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 4/19/07, Dylan Markow
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
>
> To access the "body" field, you would do the following:
>
> params[:post][:body]
You can also do @post.attributes = params[:post].  It updates the
attributes without saving them to the database.


-- 
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ehud Rosenberg wrote:
> Any ideas?
In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid 
object. You will also be able to use model''s valid? method.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Piotr Wlodarek wrote:
> Ehud Rosenberg wrote:
> 
>> Any ideas?
> 
> In Rails, input validation should be done in model, not in controller.
> 
> Then you will be given false or exception when trying to save invalid 
> object. You will also be able to use model''s valid? method.
hmm... that sounds reasonable. How can I hook to the save method and run 
white list on the relevant columns before they are inserted to the 
database?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ehud Rosenberg wrote:
>> In Rails, input validation should be done in model, not in controller.
>> 
>> Then you will be given false or exception when trying to save invalid 
>> object. You will also be able to use model''s valid? method.
> 
> hmm... that sounds reasonable. How can I hook to the save method and run 
> white list on the relevant columns before they are inserted to the 
> database?
Use Rails Validations.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

> Use Rails Validations.
I''m not sure validations are what I''m looking for...
I want to mannipulate the data saved, not run a test on it whether it 
caontains forbidden strings. It would probably work as the validate 
method run for each save, but would not be very pretty imo.

Is there another way to hook into the save mechanism of a model?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ehud Rosenberg wrote:
> 
>> Use Rails Validations.
> 
> I''m not sure validations are what I''m looking for...
> I want to mannipulate the data saved, not run a test on it whether it 
> caontains forbidden strings. It would probably work as the validate 
> method run for each save, but would not be very pretty imo.
> 
> Is there another way to hook into the save mechanism of a model?
found it myself - before_validation is what im looking for

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---