Stack Overflow
Stack Overflow

Questions tagged [attr-accessible]

attr-accessible creates a white-list of editable attributes

attr-accessible is reference of Ruby on Rails new "attr_accessible" feature. It lets programmers define a white-list of attributes that can be modified by a user through its user interface.

104 questions
1
vote
1 answer

Why can I still use access an attribute in rails console without attr_accessible?

I am new to learning Rails but my current understanding of attr_accessible is that it makes an attribute of a class available outside the class scope. However without making an attribute attr_accessible I am able to access that attribute in a…
Cu1ture
  • 1,273
  • 1
  • 14
  • 29
1
vote
1 answer

Rails NoMethodError (undefined method `id'...) while using 'protected attributes' gem

I'm using the 'protected_attributes' gem in Rails that brings back explicit attr_accessible to Rails 4 (which I needed for compatibility with another Gem, long story). In the process of writing code, I tried to access an attribute that isn't named…
Ruben Martinez Jr.
  • 3,199
  • 5
  • 42
  • 76
1
vote
1 answer

How to work with protected model attributes--foreign keys (mass-assignment protection error)

In my application I have a course model that belongs to three other models: user, subject, and student_level (they include has many in model descriptions). To be able to create a course, I declared foreign keys for two models in course model as…
B.I.
  • 706
  • 3
  • 9
  • 19
1
vote
1 answer

Rails 4 - mailboxer attr_accessible

I'm trying to get Mailboxer on Rails4 working, but didn't had any luck with this. my conversations_controller.rb looks like this -> class ConversationsController < ApplicationController before_filter :authenticate_user! helper_method :mailbox,…
Mini John
  • 7,855
  • 9
  • 59
  • 108
1
vote
0 answers

Rails 4, strong_parameters, dynamic attr_accessible: how to get parent db info into class instance

I'm trying to add attr_accessible to a User model based on its parent Account. I know the the user class instance doesn't yet have access to its parent, but I can't figure out how to do this. Any suggestions would be awesome. This is how I'm…
Rockman
  • 99
  • 9
1
vote
1 answer

No Mass assignment with attr_accessible set in model Rails 3.2.2

I have am creating a twitter style following relationship between users in my Rails 3.2.2 application. I have User and Relationship models. class Relationship < ActiveRecord::Base belongs_to :user belongs_to :follower, :class_name => 'User' …
wuliwong
  • 4,238
  • 9
  • 41
  • 69
1
vote
1 answer

Using the ActiveAdmin Submit button in relation to attr_accessible

I'm currently changing around how my ActiveAdmin interface works so that it integrates both attr_accessible items and CanCan. In some of my models I have a specific controller action for the Submit button on the form such as = f.actions do =…
Dave Park
  • 81
  • 10
1
vote
2 answers

Issue and clarification needed with attr_accessible

There is so much written about the security threat of attr_accessible that I am beginning to wonder if I should even have any attributes in it. Here is the issue. I have a Message model which has the following: attr_accessible…
pratski
  • 1,448
  • 2
  • 22
  • 37
1
vote
1 answer

Access a column only with a particular method in rails 3

Suppose I have a model User with two attributes: :name and :age. I want the :age column to be accessible only to "def manipulate_age()"(some method). This also includes, user.update_attributes!(:age => 10) is expected to throw an exception. Is it…
Karthick
  • 41
  • 4
1
vote
3 answers

Applying attr_accessible to all fields for a given role

I am looking for a way to easily apply attr_accessible to all fields in a model for a given role, so that I can mass assign all fields in my admin console. I'd like to do something like this: class User < ActiveRecord::Base …
k_day
  • 1,379
  • 2
  • 14
  • 19
1
vote
1 answer

Solution to "Can't mass-assign protected attributes" by adding the foreign key to attr_accessible

I need to create a CRUD that allow create and update projects and one of the attributes is the client that owns the project. When the project is created or edited, the client is selected using a select tag. I have this model: class Cliente <…
Camilo
  • 2,844
  • 2
  • 29
  • 44
1
vote
1 answer

Rails SRP Modules, attr_accessible

I'm learning SOLID and trying to introduce SRP into my rails app. I have the following user model with basic authentication: class User < ActiveRecord::Base attr_accessible :password, :password_confirmation attr_accessor :password before_save…
Daniël Zwijnenburg
  • 2,550
  • 2
  • 21
  • 28
1
vote
1 answer

How to create a model attached to two users? Without interfering with attr_accessible

I am making a game, and have a Game model and a User model. The Game model looks like the following: class Game < ActiveRecord::Base belongs_to :first_user, :class_name => 'User', :foreign_key =>'first_user_id' belongs_to :second_user,…
Geoff
  • 9,470
  • 13
  • 52
  • 67
1
vote
1 answer

Virtual attribute is not set before attr_encrypted uses said virtual attribute for encryption key

When encryption_key is called by attr_encrypted, :passphrase hasn't been set. The encryption key ends up being a sha1 hash of the salt; it should be a sha1 hash of the passphrase and salt. The salt is generated on creation and saved in the…
pdjk
  • 13
  • 2
1
vote
1 answer

Rails 3 Tutorial Michael Hartl - Section 9.4.1 Revisiting attr_accessible - malicious PUT requests

I'm a Rails beginner and currently reading Michael Hartl's Rails 3 Tutorial and have a question that I'm really curious about: In the context of creating an admin user and some other 99 normal users via 'faker', Hartl explains why it would be a bad…
rails_has_elegance
  • 1,590
  • 4
  • 21
  • 37
1 2 3
4
5 6 7