similar to: Validation to make sure associations don''t change?

(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes ''default-open'' - if any properties are missed or added later, they will be accessible by

Apologies first, because I need to ramp up on Ruby and coding Ruby in Rails, however it''s my 3rd day with this beast :) so I''m asking : When I added protected methods to the model before it was like: protected method.................... end Would this be a valid way to write a protected method as well ?: attr_protected :column1, :column2 Perhaps this particular call

Hi! I''m new to Rails! Rails rox! 1 quesion so far: I have :email attribute in User model. I dont'' want :email to allow to be updated. How do i do this with Rails? Do I have to implement required validation manually? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails:

I have a global layout in application.rhtml and I''d like to render a partial template within it. Currently, I have this: <%= render (:partial => ''side_nav'') %> but it seems to be looking in the controller specific view directory. What is the best way to do handle controller - global partial rendering? Wes -- Posted via http://www.ruby-forum.com/.

I''m trying to set deploy an app on apache2 with the fcgid module, but can''t seem to get anywhere. Things work fine with cgi, but when i switch to fcgi, i''m stuck with a ''503: Service Temporarily Unavailable''. There''s no error being logged anywhere, afaik. Trying to run dispatch.fcgi from the shell doesn''t work either. It bombs out,

Hi, I''ve used .save to save the attributes, but on my table there is an autoincrementing id (not the primary key) that doesn''t need to be inserted... but save try to INSERT it anyway... is there a way to avoid save from acting this way or to whisper him to be more polite this time? ;) Thanks, Enrico -- "The only thing necessary for the triumph of evil is for good men to do

This is kind of a two part question. Question One: I want to be sure that an Order model is protecting sensitive attributes from mass assignment. The example looks like this: describe Order do it "should protect total attribute from mass assignment" do @order = Order.new(:total => 0.05) @order.total.should_not == 0.05 end end And the code to implement it: class Order

Hello, I''m writing a search function for my application, but I am unsure on how to search for all results that contain my search string; here''s what I''ve got: def search @products = Product.find(:all, :conditions => "date_available < now()", :conditions => [ "title ilike ?",

Hi, This does not seem to be covered anywhere. Since base class extends ActiveRecord with a table that has fields for all heirs, would that mean that any heir class can access any of those attributes, including ones that belong to other heirs? Or I am missing something? -- Posted via http://www.ruby-forum.com/.

Hi, Suppose I have a resource such as http://localhost:3000/topsecret/data that requires the user to login first. What I did was make use of before_filter to check and see if the session variable is set with the logged in user''s id (similar to the example in "Agile Web Development with Rails"). However while the filtering function does work correctly in redirecting the

Anyone have an idea on this? Got a weird situation where on a specific model I can not create an instance using params, yet it works fine on other models. The model which does not work is a stock model, there is no logic in it. Ruby 1.8.7/Rails 3.0.5. Does not work: (rdb:1) PaymentTransaction.create(:purchase_id => 3) #<PaymentTransaction id: 2, purchase_id: nil, action: nil, amount: nil,

While doing @foo = Bar.new(params[:foo]) in a controller, the application is open to injection attacks. For example, My model has following attributes : name password admin - boolean Now, if on my form I''m just acception name & password, and doing @foo = Bar.new(params[:foo]) in my controller, someone can just enter following in form : <%= text_field ''foo'',

Hi List, I have a table that contains several fields that must be initialized when first created, but may not be altered afterwards (when updating the other fields) because they can be changed by external processes. I noticed that the ActiveRecord update commands (even update_attribute) only seem to work by loading the complete record, changing fields that need to be changed and doing a full

I got the following error when trying to create the elibrary instance (rdb:21) @elibrary = Elibrary.new(params[:elibrary]) RuntimeError Exception: Declare either attr_protected or attr_accessible for Elibrary, but not both. params : "elibrary"=>{"title"=>"bingo three", "short_description"=>"something new",

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

Hi, I''m having great fun developing with Rails but I''ve come to a problem that I can''t quite figure out. I have an Order object that "has_many" order_lines. This works perfectly and I can see all the lines. The OrderLine object has an order_id field as well as product_id and amount. Now ideally I would want to do : order.orderline[0].product.name for

Hi, Does anyone know how to include nested associations when overriding a model''s #as_json method? Below is my attempt to include direct and nested associations. NOTE: "office" is a direct association, "company" is nested association via "office". I''d like both included in the generated json output. def as_json(options={}) super(:include

I''ve been puzzling over how to test that attr_accessible has been set for the correct columns; but the tests I''ve come up with so far seem to fail to fail when I expect. I came across this old message from this list: http://www.mail-archive.com/rspec-users at rubyforge.org/msg01570.html Which seemed like a plausible example, but my attempt (modeled on the example)

I have a weird problem going on. All of sudden, records for a certain model will not save with #save Please take a look at this: >> p = Payment.new(:payment_reason_id => 1, :payment_method_id => 1, :date => Date.today, :amount => ''5.00'', :payable => Student.find(608)) => #<Payment id: nil, school_id: nil, payment_reason_id: 1, payment_method_id: 1,

Anyone got any idea of how to use built-in validation methods in a mixed-in module. What I''ve got at the moment is each class that needs ranking methods includes [the module] Ranking. Then the module Ranking has a bunch of instance methods and a submodule ClassMethods. The ClassMethods in this are mixed in to the class with self.included. So far so good. But I want the module to