search for: attr_protected

(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes ''default-open'' - if any properties are missed or added later, they will be accessible by default to MassAssignment. This undoes the entire point of having put attr_accessible in one''s class. Two possible solutions - #1) ''default...

...ramp up on Ruby and coding Ruby in Rails, however it''s my 3rd day with this beast :) so I''m asking : When I added protected methods to the model before it was like: protected method.................... end Would this be a valid way to write a protected method as well ?: attr_protected :column1, :column2 Perhaps this particular call is already protected inherent to the call, yet do I need to surround it with "protected" and "end" ? TIA Stuart -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/piperma...

Offhand does anyone know if the primary key of a model (typically id) attr_protected by default? If its not, why isn''t it? - Jeff _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails

Hi! I''m new to Rails! Rails rox! 1 quesion so far: I have :email attribute in User model. I dont'' want :email to allow to be updated. How do i do this with Rails? Do I have to implement required validation manually? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails:

...rom mass assignment. The example looks like this: describe Order do it "should protect total attribute from mass assignment" do @order = Order.new(:total => 0.05) @order.total.should_not == 0.05 end end And the code to implement it: class Order < ActiveRecord::Base attr_protected :total end It seems to work, but is there a better way? Not saying that this way is bad, just that I''m very green :) Question Two: I actually have a bunch of attributes that need to be protected. Rather than hand-writing a call to the ''it'' method for each attribute, c...

I''ve been puzzling over how to test that attr_accessible has been set for the correct columns; but the tests I''ve come up with so far seem to fail to fail when I expect. I came across this old message from this list: http://www.mail-archive.com/rspec-users at rubyforge.org/msg01570.html Which seemed like a plausible example, but my attempt (modeled on the example)

Hi, I''ve used .save to save the attributes, but on my table there is an autoincrementing id (not the primary key) that doesn''t need to be inserted... but save try to INSERT it anyway... is there a way to avoid save from acting this way or to whisper him to be more polite this time? ;) Thanks, Enrico -- "The only thing necessary for the triumph of evil is for good men to do

Hi, This does not seem to be covered anywhere. Since base class extends ActiveRecord with a table that has fields for all heirs, would that mean that any heir class can access any of those attributes, including ones that belong to other heirs? Or I am missing something? -- Posted via http://www.ruby-forum.com/.

I got the following error when trying to create the elibrary instance (rdb:21) @elibrary = Elibrary.new(params[:elibrary]) RuntimeError Exception: Declare either attr_protected or attr_accessible for Elibrary, but not both. params : "elibrary"=>{"title"=>"bingo three", "short_description"=>"something new", "description"=>"<p>fsdfgdsg</ p>"} Elibrary is declared as inherite...

Anyone have an idea on this? Got a weird situation where on a specific model I can not create an instance using params, yet it works fine on other models. The model which does not work is a stock model, there is no logic in it. Ruby 1.8.7/Rails 3.0.5. Does not work: (rdb:1) PaymentTransaction.create(:purchase_id => 3) #<PaymentTransaction id: 2, purchase_id: nil, action: nil, amount: nil,

While doing @foo = Bar.new(params[:foo]) in a controller, the application is open to injection attacks. For example, My model has following attributes : name password admin - boolean Now, if on my form I''m just acception name & password, and doing @foo = Bar.new(params[:foo]) in my controller, someone can just enter following in form : <%= text_field ''foo'',

Hi List, I have a table that contains several fields that must be initialized when first created, but may not be altered afterwards (when updating the other fields) because they can be changed by external processes. I noticed that the ActiveRecord update commands (even update_attribute) only seem to work by loading the complete record, changing fields that need to be changed and doing a full

...uot;2008-05-25", amount: #<BigDecimal: 46958f8,''0.5E1'',4(8)>, created_at: nil, updated_at: nil, invoice_id: nil, creator: nil, check_number: nil, payable_type: "Student", payable_id: 608> >> p.valid? => false >> p.school_id = 1 # school_id is attr_protected => 1 >> p.valid? => true >> p.save => nil >> p.save! => nil >> p.save_with_validation => true Why is save returning nil? Why is save_with_validation working? I have a Tuition model that is very similar to the Payment model and it does not have this problem....

Hi, I have a AR model that I want to limit changes to be only via instance methods that I''ve added. How do I prevent my other sw from setting the instance''s attributes? I know about #attr_protected and #attr_readonly. But the first leaves the individual setters as they were and the second stops all changes. I want something like "attr_private" Thoughts? Thanks, Larry -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received th...

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

...er, the UPDATE statement produced by update_attributes will still assign a value to this column. Even though its unlikely, if the separate process updates the record in the time betweent the find, and the update, then the new value will be lost. Is there a way to prevent this from happening? p.s. attr_protected doesn''t help me -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39...

Anyone got any idea of how to use built-in validation methods in a mixed-in module. What I''ve got at the moment is each class that needs ranking methods includes [the module] Ranking. Then the module Ranking has a bunch of instance methods and a submodule ClassMethods. The ClassMethods in this are mixed in to the class with self.included. So far so good. But I want the module to

Howdy, I''m writing an ''edit profile'' screen. I was writing some tests first (yay!), and I realized that, if you were smart, you could use the edit form to change your username. I know I could use attr_protected on username, but that would still allow for usernames to be changed (abeit not through the form). How can I make the username read only AFTER the object has been created? Is attr_reader what I need? I thought about doing it with before_validation_on_update, but I''m not sure as to what...

I have a model that uses attr_accessible, and in my tests I get this: RuntimeError (Declare either attr_protected or attr_accessible for User, but not both.): /var/lib/gems/1.8/gems/activerecord-2.0.2/lib/active_record/ base.rb:2307:in `remove_attributes_protected_from_mass_assignment'' /var/lib/gems/1.8/gems/activerecord-2.0.2/lib/active_record/ base.rb:2114:in `attributes='' /var/...

Hello, my goal is to implement the option of specifying a condition in attr_protected, attr_readonly and possibly other attribute methods in ActiveRecord objects. Rationale (example): class User < AR:Base # User should not be able to modify fields any more once they have been verified attr_readonly :firstname, :lastname, :gender_id, :birthdate, :if => :passport_verified?...