similar to: :attr_accessible to protect all attributes

Hi, I''m working on a Rails 3.2.2 application which has JSON APIs and I use a CLI client for inserting some data. It works fine except for the Author model. When I try to create a new post (Post belongs_to :author and Author has_many :posts) I get the following error : <h1> ActiveModel::MassAssignmentSecurity::Error in PostsController#create </h1>

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

Hi, What''s the difference between attr_accessor and attr_accessible? Is attr_accessor to create a virtual variable/object and attr_accessible makes it accessible? Do you need attr_accessible if you already have attr_accessor? Thanks! -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails:

I''m going though the paper back edition of agile development with Rails. On page #128 I encountered following lines of code: attr_accessor :password attr_accessible :name,:password What''s the difference between attr_accessor and attr_accessible? -=- Neeraj _______________________________________________ Rails mailing list

Hi, I''m trying to understand this error: WARNING: Can''t mass-assign these protected attributes: active I had this error before when creating a record.I did not mark the attibutes posted from the form as attr_accessible, so when the following line tries to execute it throwed an Warning in the log, and the record was not saved. @user = User.new(params[:user]) I find out that I

Hi, What''s your best practice about the email attribute of a registered user in your DB. I don''t want people to be able to change email. But what''s best? 1) protect the email attribute with attr_protected or attr_accessible and suffer the pain of having to do user.email = .... everywhere in your code and tests 2) Keep email accessible, but write a custom

Please guide me how to use those two methods. I can''t differentiate them. I was doing something on my model and I have put one field in the attr_accessible method. After that when I try to run the app the app always says my other fields are blank, but they''re all filled up. What''s wrong with it? Thanks --~--~---------~--~----~------------~-------~--~----~ You received

i''m still new to rails and working on digesting everything i come across. recently i came across these two. what is the difference between attr_accessor and attr_accessible? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I''m working on an app which has a :featured_at in Users and Groups tables. The attribute enables a site admin to set records to a :featured_at datetime. There''s named spaced admin controllers for the Users and Groups. The problem is, to set the :featured_at in the admin controllers for users and groups, the attribute had to be exposed under attr_accessible in User.rb and

Please refer to the ActiveModel MassAssignmentSecurity api<http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html>for this. I''m on Rails3.2.3/Ruby1.9.3 and trying to use that technique in the controller as described. It is supposed to dynamically restrict the attributes that can be mass assigned. However, sanitize_for_mass_assignment is ignoring

(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes ''default-open'' - if any properties are missed or added later, they will be accessible by

Is there a way to tell Rails to ignore attr_accessible when seeding the database and to allow mass assignment with create or new? I know how to skip validations but do not find anything on mass assignment... -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I''ve been puzzling over how to test that attr_accessible has been set for the correct columns; but the tests I''ve come up with so far seem to fail to fail when I expect. I came across this old message from this list: http://www.mail-archive.com/rspec-users at rubyforge.org/msg01570.html Which seemed like a plausible example, but my attempt (modeled on the example)

Hi! I''m new to Rails! Rails rox! 1 quesion so far: I have :email attribute in User model. I dont'' want :email to allow to be updated. How do i do this with Rails? Do I have to implement required validation manually? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails:

Is anyone out there writing specs to check attr_accessible fields? I had originally written my spec to check for allowing the desired fields, and then none of the other regular db fields. Unfortunately this isn''t satisfactory, because attr_protected could have been used instead, which of course wouldn''t prevent mass assignment to any whatever=(val) method. I''m thinking

Rails 2.3.5 I am working on a nested form that assigns roles to users through a table called clearances. I have attr_acessable turned off globally in an initializer: ActiveRecord::Base.send(:attr_accessible, nil) I have this set in clearance.rb attr_accessible(:description, :effective_from, :role_id, :superceded_after, :user_id) And this is what params looks like after the

I have a User model class User < ActiveRecord::Base has_one :account accepts_nested_attributes_for :account, :allow_destroy => true validates_associated :account attr_accessible :account_attributes is working fine, validating and updating both records (User and Account), but I caanot display the value in the form when is updated, ex: below the firstname is not displayed but

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

Hi Am building a nested form and my code works fine with sqlite3 but throws errors when using Oracle during update action. Am getting the following error: ActiveRecord::RecordNotFound in AWRequestsController#update Couldn''t find WADetail with ID=5000000015 for AWRequest with ID=5000000022.0 Request *Parameters*: {"utf8"=>"✓",

I have 2 models Timesheet and TimeEntry: class Timesheet < ActiveRecord::Base attr_accessible :status, :user_id, :time_entries_attributes has_many :time_entries, dependent: :destroy accepts_nested_attributes_for :time_entries, :reject_if => proc { |attributes| attributes[''worktime''].blank? } end class TimeEntry < ActiveRecord::Base attr_accessible :task_id,