In this type of case, it makes sense either to declare a whitelist or to declare a blacklist. But it doesn’t make much sense to declare both of them.
Solution #3: ActiveRecord (or ActiveModel) should raise if a class declares both a whitelist and a blacklist of mass-assignable attributes.
class Comment
  attr_accessible :title
  attr_protected :author_id # raises immediately
end
Cheers,
Jay
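The check proposed above, sketched in plain Ruby as an added example (not code from this thread or from Rails). `MassAssignmentGuard`, `ConflictingMassAssignmentRules` and `declare_error` are hypothetical names, and treating a parent's declarations as inherited by its subclasses is an assumption of this sketch.

```ruby
# Added illustration, plain Ruby, no Rails required.
class ConflictingMassAssignmentRules < StandardError; end

module MassAssignmentGuard
  # Whitelist declared on this class plus anything inherited (assumption).
  def accessible_attributes
    inherited = superclass.respond_to?(:accessible_attributes) ? superclass.accessible_attributes : []
    inherited + (@accessible_attributes || [])
  end

  # Blacklist declared on this class plus anything inherited (assumption).
  def protected_attributes
    inherited = superclass.respond_to?(:protected_attributes) ? superclass.protected_attributes : []
    inherited + (@protected_attributes || [])
  end

  def attr_accessible(*names)
    unless protected_attributes.empty?
      raise ConflictingMassAssignmentRules, "#{name} already has attr_protected #{protected_attributes.inspect}"
    end
    (@accessible_attributes ||= []).concat(names)
  end

  def attr_protected(*names)
    unless accessible_attributes.empty?
      raise ConflictingMassAssignmentRules, "#{name} already has attr_accessible #{accessible_attributes.inspect}"
    end
    (@protected_attributes ||= []).concat(names)
  end
end

class Comment
  extend MassAssignmentGuard
  attr_accessible :title
end

class Post
  extend MassAssignmentGuard
  attr_protected :author_id
end

# Runs a declaration and returns the error message, or nil if it was accepted.
def declare_error
  yield
  nil
rescue ConflictingMassAssignmentRules => e
  e.message
end
```

With inherited declarations, a subclass of `Post` that tries to switch to a whitelist raises at class-definition time even though it never declared a blacklist itself.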
Jay, this solution doesn’t play nice with inheritance.
Rafael Mendonça França
http://twitter.com/rafaelfranca
https://github.com/rafaelfranca
sikachu (Prem Sichanugrist), July 10, 2012, 4:29pm
Yeah, Jay. Your solution won’t work with inheritance.
By deprecating attr_protected, you can allow most of the attributes anyway (but seriously seriously seriously discouraged) by doing something like:
attr_accessible columns - [:created_at, :updated_at]
Having attr_accessible and attr_protected together in the same model is just asking for trouble. You tell the model to whitelist, then you tell it again to blacklist.
Prem,
What’s the conflict with inheritance?
Cheers,
Jay
Note that this may die in exciting ways if you put it in a model that hasn't been created in the DB yet. (since columns looks at the table metadata)
--Matt Jones