attr_accessible <-> :as => :admin <-> db:seed <->
Question
I am sort of in a catch22 situation.
- If have to protect the 'role' attribute for a user from mass assignment problems I have to use attr_accessible and exclude it.
- But then if I have to allow an admin to set it then I have to add :as => :admin using assign_attributes.
- But then db:seed won't work if I have to setup some default roles.
Is there a way to accomplish all three needs?
Thank you.
1 answers
solution1
0 2012-07-18 01:51:12
There are a few ways around mass assignment but I'm not really a fan of them.
For example:
role = Role.new
role.assign_attributes({...}, :without_protection => true)
role.save
I prefer to use a gem I wrote called sudo_attributes that gives you "sudo" privileges:
Role.sudo_create(...)
The API is identical to ActiveRecord's for creating and instantiating models.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
User model, attr_accessible and admin
Rails attr_accessible only for seed.rb?
models in attr_accessible
attr_accessible for Rails 4
attr_accessible in rails 4
attr_accessible in migrations
'attr_accessible' effects
Using Rails 3.1 :as => :admin for updating attributes protected by attr_accessible
How exactly does attr_accessible protects the db?
Rails and attr_accessible + security
Related Tags