Private/protected accessors to attributes in Rails 4
Question
Supose that I have the following class:
class Foo < ActiveRecord::Base
belongs_to :bar
end
In rails console I can do this:
foo = Foo.new
foo.bar_id = 3
But this can violates the encapsulation principle. I think that is better idea do:
foo = Foo.new
foo.bar = Bar.find(3);
And bar_id should be private/protected. This has nothing to do with the mass assignment and strong parameters but it is an security issue too.
Is there any way to set to private some attributes?
2 answers
solution1
0 2013-10-07 16:35:35
Is there a way to make Rails ActiveRecord attributes private?
class MyModel < ActiveRecord::Base
private
def my_private_attribute
self[:my_private_attribute]
end
def my_private_attribute=(val)
write_attribute :my_private_attribute, val
end
end
solution2
0 2014-07-17 16:40:12
I don't think just making the write accessor private or protected will reliably prevent change via update_attribute or mass assignment.
While it's not actually "private" per se, but you could get the desired effect by setting the attribute read_only, eg
attr_readonly :bar_id
and if you do need to update the value "private-ly," access it as @bar_id. Per the docs, "Attributes listed as readonly will be used to create a new record but update operations will ignore these fields."
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.