Hey guys, is there a validation that essentially acts the opposite way of "validates_presence_of". That is, the attribute in question must be nil, or blank, non-existent. If not, what''s the best way to prevent a user from altering a web form attempting to submit data to a field that they should never have access to? Thanks! -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Seirie wrote:> Hey guys, is there a validation that essentially acts the opposite way > of "validates_presence_of". That is, the attribute in question must be > nil, or blank, non-existent. If not, what''s the best way to prevent a > user from altering a web form attempting to submit data to a field > that they should never have access to?What you''re looking for is attr_accessible and/or attr_protected: http://railsapi.com/doc/rails-v2.3.5/classes/ActiveRecord/Base.html#M000920 If you were to do that in validation it would render the attribute virtually useless. You would have to bypass validation altogether in order to set it at all. What you really want is to disallow mass assignment of the attribute. That''s what the above methods do. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
brilliant, exactly what I was looking for. Thank you much Robert. On Mar 9, 11:21 pm, Robert Walker <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Seirie wrote: > > Hey guys, is there a validation that essentially acts the opposite way > > of "validates_presence_of". That is, the attribute in question must be > > nil, or blank, non-existent. If not, what''s the best way to prevent a > > user from altering a web form attempting to submit data to a field > > that they should never have access to? > > What you''re looking for is attr_accessible and/or attr_protected: > > http://railsapi.com/doc/rails-v2.3.5/classes/ActiveRecord/Base.html#M... > > If you were to do that in validation it would render the attribute > virtually useless. You would have to bypass validation altogether in > order to set it at all. What you really want is to disallow mass > assignment of the attribute. That''s what the above methods do. > -- > Posted viahttp://www.ruby-forum.com/.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Possibly Parallel Threads
- Example for attr_accessible?
- When adding a record in console, a parameter comes in as null even when I set it
- attr_accessible on some properties + attr_protected on others makes class 'open-by-default'
- Help needed for error in foreign key validation
- Validation to make sure associations don''t change?