Stack Overflow
Stack Overflow

Questions tagged [attr-accessible]

attr-accessible creates a white-list of editable attributes

attr-accessible is reference of Ruby on Rails new "attr_accessible" feature. It lets programmers define a white-list of attributes that can be modified by a user through its user interface.

104 questions
2
votes
0 answers

Rails: boolean attr_accessible default method behavior

I have a normal class (Event) where a boolean value is defined as attr_accessible :archived and in the db schema is t.boolean "archived", :default => false As such, the default method archived? is automatically…
piffy
  • 723
  • 2
  • 8
  • 21
2
votes
2 answers

In Rails, how do I limit which attributes can be updated, without preventing them from being created?

I have a situation where an attribute can be created through a JSON API. But once it is created, I want to prevent it from ever being updated. This constraint causes my first solution, which is using attr_accessible, to be insufficient. Is there a…
Logan Serman
  • 29,447
  • 27
  • 102
  • 141
2
votes
2 answers

Confusion with attr_accessible and signup forms

For a Rails project I'm working on, most of the information in a user's model is meant to be confidential, such as a two factor auth phone number. I've only whitelisted the basics in the model, email, password, and password_confirmation. I'm trying…
Andrew Stewart
  • 710
  • 1
  • 6
  • 10
2
votes
1 answer

attr_accessible, attr_accessor, I would like to know what they do

I'm doing my first steps in Rails and in object-oriented programming. There is something quite fudemental that I would like to understand: why do we need attr_accessible within the model? I have read that hackers can use mass-assignment in order to…
TimmyOnRails
  • 327
  • 3
  • 13
2
votes
2 answers

RSpec tests failing with 'unknown attribute'

I'm testing for attribute response in my model: it { should respond_to(:password) } it { should respond_to(:password_confirmation) } These attributes aren't part of the database but simply declared in my model as attr_accessible. When I don't…
8vius
  • 5,786
  • 14
  • 74
  • 136
2
votes
2 answers

Assignment of a protected attribute in Rails

I have a field on my User model that is protected because it determines clearance level. So it should be left protected and not mass-assignable. So even though attributes are protected by default in 3.2, that is actually the behavior I…
Jonathan Allard
  • 18,429
  • 11
  • 54
  • 75
1
vote
1 answer

Rails attr_accessible :as and custom validator

I have model User class User < ActiveRecord::Base has_and_belongs_to_many :roles attr_accessible :login, :email, :password, :password_confirmation ... attr_accessible :role_ids, :active, :as => :super_admin validates :email,…
Babur Ussenakunov
  • 1,995
  • 2
  • 16
  • 16
1
vote
2 answers

'attr_accessible' effects

I am using Ruby on Rails 3.0.9 and I would like to know in which cases (that is, for which methods) the attr_accessible method has effect. For example, if I use attr_accessible :name, :surname it will care to not assign those attribute values when…
Backo
  • 18,291
  • 27
  • 103
  • 170
1
vote
2 answers

attr_accessible/security question with rails - what is the best way to deal with this?

I have a question concerning Rails security. Let's say we have User model, and it has many boolean values for roles, such as admin, director, and so on. An Admin will definitely want to edit these values on forms, so we'll want to use…
Fire Emblem
  • 5,961
  • 3
  • 24
  • 37
1
vote
1 answer

Paperclip updating database with NULLS for filename, filesize, etc in Rails3

I'm attempting to implement Paperclip in my Rails3 app and using Emerson Lackey's railscast (http://www.emersonlackey.com/article/paperclip-with-rails-3) as a model as its very similar to what I am looking to do (have multiple photos for a…
Scott
  • 1,034
  • 1
  • 9
  • 19
1
vote
2 answers

Rails Devise attr_accessible problem

Im trying to add devise authorization to my rails 3 app. Its all going well except Im also trying to follow this tutorial to dynamically set attr_accessible for role_ids only for admin users (I dont want regular users changing their role, but an…
nacho10f
  • 5,816
  • 6
  • 42
  • 73
1
vote
1 answer

Rails_admin with has_one issue in rails 5

In rails 5, attr_accessible is removed. So how to use has_one association. Like I have: class Setter include Mongoid::Document include Mongoid::Timestamps::Created::Short has_one :user end and class user include Mongoid::Document …
Neetesh
  • 71
  • 2
  • 6
1
vote
1 answer

How Do I Add A Virtual Attribute To The Attributes Hash in Rails 4

I want to add a virtual attribute to an activerecord object. It's straightforward to define the getter/setter but I want my attribute to appear in the attributes hash (and attribute_names etc..). Since this is rails 4 I can't use…
Peter Gerdes
  • 2,288
  • 1
  • 20
  • 28
1
vote
1 answer

attr_accessible in rails 4

I'm doing the onemonth rails and I'v got a problem with the attr_accessible function. I've installed it as a gem in rails 4(gem 'protected_attributes') and using it with the simple_form. But the problem is that when I update my form with a name, it…
Tomislav Mikulin
  • 5,306
  • 4
  • 23
  • 36
1
vote
1 answer

Sorcery external: Can't mass-assign protected attributes

Tune gem Sorcery through article: github.com/NoamB/sorcery/wiki/External. I have done so, the user after login can create a recording and attach it to an image that is downloaded to the S3 from Amazon AWS. But after setting up I can log in, but I…
Yuri Malov
  • 1,197
  • 8
  • 11
1 2
3
4 5 6 7