I have a question about using attr_accessible in Rails.
I sometimes want to set guard_protected_attributes to false in order to bypass mass assignment protection. I'm wondering why the following line doesn't work (it creates the "can't stringify keys" error):
@user.attributes=({ :name => "James Bond", :admin => true }, false)
...but ...
Say you have this structure:
class House < ActiveRecord::Base
  has_many :rooms
  accepts_nested_attributes_for :rooms
  attr_accessible :rooms_attributes
end
class Room < ActiveRecord::Base
  has_one :tv
  accepts_nested_attributes_for :tv
  attr_accessible :tv_attributes
end
class Tv
  belongs_to :user
  attr_accessible :manufactu...
I have two attributes, 'a_value' and 'b_id'. (Not their real names.) 'a_value' is stored on the file system, using some information from model 'B', referenced by 'b_id'.
So, my params object looks like:
params[:foo] = {"a_value"=>"nifty value","b_id"=>"38"}
for example.
Now, in foo_controller.rb:
foo = Foo.new(params[:foo])
But t...
I have several Rails models that I'm trying to expose via a REST API. I'm looking for a simple way to allow mass assignment in certain contexts (through the API or admin interface) but to disallow when populating from user-based forms.
There are a few catches as well. First, I'm populating a bunch of child objects using accepts_neste...
I've been reading up on Rails security concerns and the one that makes me the most concerned is mass assignment. My application is making use of attr_accessible, however I'm not sure if I quite know what the best way to handle the exposed relationships is. Let's assume that we have a basic content creation/ownership website. A user ca...
So, I'm trying to learn Ruby by doing some Project Euler questions, and I've run into a couple things I can't explain, and the comma ?operator? is in the middle of both. I haven't been able to find good documentation for this, maybe I'm just not using the google as I should, but good Ruby documentation seems a little sparse . . .
1: how...
Just getting through some of the issue backlog and could use some input on best practices for what seems like it should be a common scenario. (Rails 2.3.5)
Let's say we've got a form for creating posts for a blog using mass-assignment. The create action looks something like:
def create
  if @blog.update_attributes(params[:blog])
    redi...
I have an Account model that belongs to an account manager:
class Account < ActiveRecord::Base
  belongs_to :account_manager, :class_name => 'User'
  validates_presence_of :account_manager
end
My controller looks like this:
def create
  @account = Account.new(params[:account])
  ...
A request looks like this:
Started POST "/acco...