tags:

views:

57

answers:

4
Q: 

RoR: How to modify the controller to accept update several params only?

Here is the code generated by rails:

def update
  @user = User.find(params[:id])

  respond_to do |format|
    if @user.update_attributes(params[:user])
      flash[:notice] = 'User was successfully updated.'
      format.html { redirect_to(@user) }
      format.xml  { head :ok }
    else
      format.html { render :action => "edit" }
      format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
    end
  end
end

But I don't want user to update the whole user, assume that my user have fname, lname and gender, instead of remove the gender from the view, I want to restrict that the update method ONLY accept fname and lname only, if he/she want to update the gender, I won't allow him/her to do so. How can I restrict the user to do so? thank you.

+1  A: 

Use Hash parameters of the update_attributes

@user = User.find(params[:id])
@user.update_attributes(:fname=>params[:user][:fname], :lname=>params[:user][:lname])
Salil  2010-07-12 11:35:26
sorry, I would like to know, what is the @@user mean? why not @user only. thank you.
Tattat  2010-07-12 11:40:35
It is wrong, it should be something like `@user.update_attributes(...)`, like you used in your example.
Veger  2010-07-12 11:42:34
@Tattat:- it's just typo here sorry. but if i am not wrong `@@` variable are used to represent as `Global Variables in rails`
Salil  2010-07-12 11:44:21
O... I see... I misunderstand the @@ is a new stuff. Thanks a lot.
Tattat  2010-07-12 11:45:34
How is the user updated in your code? Since you are using `User.update_attributes(..)` without any id, it is impossible to find the record/user you want to update...
Veger  2010-07-12 11:47:00
@Veger :- it's by mistake it should be `@user.update_attributes` thanx anyway :)
Salil  2010-07-12 11:56:25
@@ is not a global variable, it is a class variable. Global variables in ruby start with a $ character.
Faisal  2010-07-12 14:33:54
A: 

You can delete unwanted attributes from the param[:user] Hash:

# ...
attributes = params[:user]
gender = attributes.delete :gender
raise SomeError unless gender.blank?
if @user.update_attributes(attributes)
  # ...
end
# ...

This code removes :gender from the Hash and checks if it is filled in. If so, an exception is raised. Of course you could give a nice warning or silently ignore the fact that the gender was filled in.

Veger  2010-07-12 11:39:10
+3  A: 

or add a custom @user.update_only() method, which makes it also easier to reuse in different contexts...

class User
  def update_only(attrs = {}, *limit_to)
    update_attributes(attrs.delete_if { |k,v| !limit_to.include?(k.to_sym) })
  end
end

Then just do something along the lines of

@user.update_only(params[:user], :fname, :lname)
lwe  2010-07-12 11:44:46
I must say I like this idea. It would be a nice extension to ActiveRecord (or perhaps a nice extension to update_attributes, using an :except hash perhaps).
Daniel Abrahamsson  2010-07-12 11:55:29
and it transparently handles attr_protected/accessible as well - feel free to pack it up as plugin, or add it to AR::Base (would make sense)
lwe  2010-07-12 12:08:14
Nice idea for a general solution
bjg  2010-07-12 13:43:55
+2  A: 

There are two methods in ActiveRecord that come in handy in cases like these, attr_protected and attr_accessible.

You use them like this:

class MyModel < ActiveRecord::Base
    attr_accessible :fname, :lname #Allow mass-assignment
    attr_protected :secret #Do not allow mass-assignment
end

model = MyModel.new(:fname => "Firstname", :lname => "Lastname", :secret => "haha")
puts model.fname # "Firstname"
puts model.lname # "Lastname"
puts model.secret = nil # Can not be set through mass-assignment
model.secret = "mysecret" # May only be assigned like this
puts model.secret # "mysecret"

However, if you only need this functionality at one place, then Salil's solution will work just as well.

One thing to note is that you should use attr_acessible to whitelist attributes that are OK to mass-assign, and make every other attribute protected. By doing so, you hinder mean people for updating data they are not supposed to touch.

See the docs for more info.

Daniel Abrahamsson  2010-07-12 11:47:35
This is the best answer of all provided ones, no hacking and works at the model level, which is where this kind of code should be.
Faisal  2010-07-12 14:31:47

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?