Rails - attr_accessible & mass assign

Question

Rails - attr_accessible & mass assign

I have a question about using attr_accessiblein Rails.

I sometimes want to set guard_protected_attributesto falseto get around the mass assignment protection. I am wondering why the following line does not work (it creates the error "can not stringify keys"):

@user.attributes=({ :name => "James Bond", :admin => true }, false)

... but it does:

@user.send(:attributes=, { :name => "James Bond", :admin => true }, false)

Does anyone know the reason?

+3

ruby ruby-on-rails mass-assignment

fig Jun 04 '09 at 16:58

source share

4 answers

, , , , .send ?

+1

William Yeung 31 . '09 8:12

I just defined some helper methods to make it easier to bypass the constraints of mass assignment.

module ActiveRecord
  class Base

    # Assigns attributes while ignoring mass assignment protection
    def force_feed(attributes)
      self.send(:attributes=, attributes, false)
      self
    end

  end
end

+1

aNoble Jan 7 '11 at 18:36

source share

In later versions of ActiveRecord, the second parameter was displayed for the = attributes. Now you can trigger the same effect:

model.assign_attributes(attributes, :without_protection => true)

+1

Bearddo May 03 '12 at 16:47

source share

James A. Rosen · Accepted Answer · 2009-06-04T17:04:34+0000

Because the Ruby parser parses ' { :name => "James Bond", :admin => true}, false' as the only argument #attributes=. Method call ' foo=' limits you to one argument in Ruby. sendcircumvents this.

, , Rails false, , FalseClass, Hash, .

Rails - attr_accessible & mass assign

More articles: