Stack Overflow
Stack Overflow

Questions tagged [attr-accessible]

attr-accessible creates a white-list of editable attributes

attr-accessible is reference of Ruby on Rails new "attr_accessible" feature. It lets programmers define a white-list of attributes that can be modified by a user through its user interface.

104 questions
42
votes
5 answers

Forbidden Attributes Error in Rails 4 when encountering a situation where one would have used attr_accessible in earlier versions of Rails

With the recent upgrade to Rails 4, updating attributes using code resembling the below does not work, I get a ActiveModel::ForbiddenAttributes error: @user.update_attributes(params[:user], :as => :admin) Where User has the following…
Ecnalyr
  • 5,654
  • 4
  • 38
  • 86
21
votes
4 answers

Using attr_accessor and attr_accessible on the same field

What happens in the background with the following code? class User < ActiveRecord::Base attr_accessor :name attr_accessible :name end Hint: When instantiating the class, will it be persisted to the database? Why or why not?
Magne
  • 14,749
  • 8
  • 57
  • 77
11
votes
3 answers

Using Rails 3.1 :as => :admin for updating attributes protected by attr_accessible

After reading about attr_accessible in the Rails 3.1 API, I see that there is an as :admin option in there. I would like to know two things. If the user has an admin flag, how do does my controller tell my model that the user is an admin. If the…
Jason Waldrip
  • 4,719
  • 8
  • 34
  • 55
11
votes
2 answers

Difference between attr_accessible and strong parameters

I have just been doing a bit of reading on attr_accessor, attr_accessible and strong parameters at a few different locations: Difference between attr_accessor and attr_accessible How is attr_accessible used in Rails…
atw
  • 4,497
  • 8
  • 37
  • 56
10
votes
5 answers

attr_accessible in rails Active Record

When I use the attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean something that I didn't specify as attr_accessible won't be accessible as well through console ?
VP.
  • 5,004
  • 6
  • 42
  • 69
9
votes
3 answers

Specify attribute list in attr_accessor with method call

I want to create large number of attributes which can be done with ease if constructed with method call like this, attr_accessor :attr_list def attr_list [:x1, :y1, :x2, :y2] end This is not working. Is there any other way to achieve…
maximus ツ
  • 7,369
  • 3
  • 22
  • 51
8
votes
2 answers

Rails 3.2, Mass Assignment, Dynamic Roles?

I have a Rails app with a user model that contains an admin attribute. It's locked down using attr_accessible. My model looks like this: attr_accessible :name, :email, :other_email, :plant_id, :password, :password_confirmation attr_accessible :name,…
jeffmueller
  • 145
  • 10
8
votes
3 answers

Rails and attr_accessible: is there a way to raise an exception if a non-mass-assignable attribute is mass-assigned?

Is there a way to have rails raise an error if an attempt is made to mass-assign attributes that aren't allowed by attr_accessible? This would be handy in development to remind me why my shiny new model isn't working, and also good to log in…
John Bachir
  • 21,401
  • 22
  • 137
  • 203
6
votes
2 answers

Updating Model Attributes

I have a Rails app that is a blogging platform, allowing for multiple contributing authors. My User model has a :writer boolean attribute for assigning writing permissions. However, :writer is NOT listed under attr_accessible for the User model.…
ArcGhost
  • 137
  • 1
  • 2
  • 11
6
votes
2 answers

Mass assignment fails when upgrading to Rails 4

deprecated_mass_assignment_security.rb:17:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use…
sites
  • 19,991
  • 16
  • 81
  • 136
6
votes
1 answer

rails attr_accessible rspec check

When I want to test if attribute is / is not accessible with RSpec I'm doing it like this class Foo attr_accesible :something_else end describe Foo do it('author should not be accessible') {lambda{described_class.new(:author=>true)}.should…
equivalent8
  • 12,266
  • 5
  • 70
  • 98
5
votes
1 answer

Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your gemfile

This happened when I added an attr_accessible to my Relationship model. class Relationship < ActiveRecord::Base attr_accessible :followed_id end Without using Devise or a protected_attributes gem, what is the way around this? I know that in…
natecraft1
  • 2,453
  • 6
  • 34
  • 51
5
votes
4 answers

Custom user fields in Devise 3 under Rails 4

I'm using the release candidate of Devise 3 so that I can use it with Rails 4. In Rails 3.2 I used to be able to add a custom field to my User model by simply adding that field to the registration/edit.html.erb and registration/new.html.erb files…
at.
  • 45,606
  • 92
  • 271
  • 433
5
votes
2 answers

Devise not working with Rails 4.0rc1

Is there a way to get Devise to work with Rails 4.0rc1? I get the following error when trying to start the rails server or even to generate the Devise…
at.
  • 45,606
  • 92
  • 271
  • 433
4
votes
1 answer

Rails 3.1 attr_accessible verification receives an array of roles

I would like to use rails new dynamic attr_accessible feature. However each of my user has many roles (i am using declarative authorization). So i have the following in my model: class Student < ActiveRecord::Base attr_accessible :first_name, :as=>…
jalagrange
  • 2,065
  • 1
  • 18
  • 24
1
2 3 4 5 6 7