When I use attr_accessible to specify which fields from my Model I want to expose, is it true for script/console as well? I mean, something that I didn't specify as attr_accessible won't be accessible through the console either?
5 Answers
This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model:
>> Person.new(:protected => "test")
=> #<Person protected: nil>
Conversely, you could set all attributes you want as accessible using attr_accessible.
However, the following will still work:
>> person = Person.new
=> #<Person protected: nil>
>> person.protected = "test"
=> #<Person protected: "test">
This is the same behavior as in controllers, views, etc. attr_protected only protects against mass assignment of variables, especially from forms, etc.
The console behaves exactly as your Rails application. If you protected some attributes for a specific model, you won't be able to mass assign these attributes either from the console or from the Rails app itself.
#26 Hackers Love Mass Assignment (revised) - RailsCasts
I found why:
Specifies a white list of model attributes that can be set via mass-assignment, such as new(attributes), update_attributes(attributes), or attributes=(attributes).
This is the opposite of the attr_protected macro:
Mass-assignment will only set attributes in this list, to assign to the rest of
attributes you can use direct writer methods. This is meant to protect sensitive
attributes from being overwritten by malicious users tampering with URLs or forms.
If you'd rather start from an all-open default and restrict attributes as needed,
have a look at `attr_protected`.
So it means that it just avoids mass-assignment, but I can still set a value.
When you specify some things to be attr_accessible, only those things can be accessed in the console or by the website interface.
e.g.: Suppose you made name and email to be attr_accessible:
attr_accessible :name, :email
and left out created_at and updated_at (which you are supposed to).
Then you can only edit/update those fields in the console.
If you want to expose a field from your model, you can use
attr_accessor :meth # for getters and setters
attr_writer :meth # for setters
attr_reader :meth # for getters
or, if you want to add some behaviour to your attribute, you'll need to use virtual attributes
def meth=(args)
...
end
def meth
...
end
cheers.
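
To make the distinction drawn in the answers above concrete, here is an added example (not from any of the answers, and not ActiveRecord's own code): a plain-Ruby stand-in for the attr_accessible whitelist. The names MassAssignable, Person and the admin field are hypothetical; it shows mass assignment dropping a non-whitelisted key while the direct writer still sets it.

```ruby
# Added illustration: plain-Ruby stand-in for the attr_accessible whitelist.
# MassAssignable, Person and :admin are hypothetical names; this is not
# ActiveRecord's implementation, only the behaviour the answers describe.
module MassAssignable
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declare the whitelist and generate ordinary getters/setters for it.
    def attr_accessible(*names)
      accessible_attributes.concat(names.map(&:to_s))
      attr_accessor(*names)
    end

    def accessible_attributes
      @accessible_attributes ||= []
    end
  end

  attr_reader :rejected

  def initialize(attrs = {})
    self.attributes = attrs
  end

  # Mass assignment: only whitelisted keys are written, the rest are dropped.
  def attributes=(attrs)
    @rejected = []
    attrs.each do |key, value|
      if self.class.accessible_attributes.include?(key.to_s)
        public_send("#{key}=", value)
      else
        @rejected << key.to_s # worth logging: may indicate parameter tampering
      end
    end
  end
end

class Person
  include MassAssignable
  attr_accessible :name, :email
  attr_accessor :admin # has a writer, but is not on the whitelist
end

# Constructed sample: form parameters with an extra field slipped in.
params = { "name" => "Ann", "email" => "ann@example.test", "admin" => true }
person = Person.new(params)
```

After this runs, person.admin is nil and person.rejected lists "admin"; calling person.admin = true afterwards sets the value, in the console exactly as in application code.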