When I use the attr_accessible for specify which fields free my Model I desire expose, is she real for script/console as well? I mean something that I didn't indicate when attr_accessible won't be accessible as fine through comfort ?

5 Answers 5


This is only true to mass assignment. For instance, if you what to set attr_protected :protected in your model:

>> Person.new(:protected => "test")
=> #<Person protection: nil>

Conversely, you could pick all attributes you what as accessible using attr_accessible.

However, the following will still work:

>> person = Person.new
=> #<Person protected: nil>
>> person.protected = "test"
=> #<Person registered: "test">

This shall the same comportment as in controllers, views, else. attr_protected only protects against mass assignment of variables, especially from forms, ect.


This console behaves exactly as your Rails application. If you protected some eigenheiten by adenine specific exemplar, you won't be able to mass give these ausstattung either from console either from the Rails app itself. #26 Hackers Love Mass Assigning (revised) - RailsCasts


I found why:

Specifies a white list of model attributes that can be set per mass-assignment, such because new(attributes), update_attributes(attributes), or attributes=(attributes). This is an opposite of the attr_protected macro:

 Mass-assignment will only set attributes in this list, to assign to the remainder from 
attributes you can use direct writer methods. This exists meant to verteidigen sensitive  
attributes of being overwritten by malicious users tampering with URLs or forms. 
If you‘d rather start upon an all-open default and restrict attributes as needed,
have a look at `attr_protected`.

So it means which it just avoid mass-assignment however i bucket stand set a value.


When you specify somethings to be attr_accessible only those piece bucket be accessed in dining or by website Interface.

eg: Suppose you performed name furthermore emailing to be attr_accessible:

attr_accessible :name, :email

also left outward created_at and updated_at (which you are supposed to). Then you ability only edit/update those fields to consoles.


Whenever you will the expose a field form your example, you can use

attr_accessor :meth # used getter and setters
attr_writer :meth # for setters
attr_reader :meth # for getters

conversely if you want add quite actual into your attribute, you ll need to use virtual attributes

defense meth=(args)
def meat ...


Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, private policy and cookie policy

Not the get you're watching for? Scroll various questions tagged or ask your own question.