Can anyone tell me how to turn on mass assignment in rails 2.0. I am facing a problem accessing a value of an attr_protected value sat by a plugin I am using. I need this value to be assigned to a modle object but it is silently discarded. Please help.
if it's only one attribute, why not just assign with:
@object.update_attribute(:attribute, value)
Protected attributes are ignored in mass-assignment, that's the whole point of attr_protected!
If the plugin sets the attribute with regular assignment it will get saved anyway, I mean this sequence updates the protected attribute:
model.protected_attribute = value if model.update_attributes(params[:model]) # protected was updated to value, no matter # what params[:model] has about it end
If the plugin uses mass-assignemnt itself either the atribute cannot be protected or else you need to patch the plugin.
-- fxn
Correct! The OP should think about WHY the plugin is protecting the attribute from mass assignment.
The reason this gets done in general is for security, to keep a bad-guy user from changing things that shouldn't be (passwords? permissions? ....) by forging uri's with say, additionally query parameters in the URI.
Rick,
The real problem I am facing here is the plugin I use (acts_as_better_nested_set) declares the column "parent_id" as attr_protected which I need in a controller to reffer to the parent object of the cutrrent node (I doubt this plugin was written prior to Rails 2.0). I send parent_id as a hidden field value from view to the controller where its get discarded. (I am creating a category tree here)
in categories_controller
def create @category = Category.new(params[:category]) pid = params[:category][:parent_id] if(!@pid.blank?) parent = Category.find_by_parent_id(@pid) parent.add_child(@category) #error here end #other stuff end
parent.add_child(@category) is the code where the error is thrown. It says "a category can not be found without an Id".
do you have any ideas?
You need to trust the plugin as a working assumption and tune your expectations. If the attribute is protected there may be a good reason, in principle a plugin author does not write
attr_protected acts_as_nested_set_options[:left_column].intern, acts_as_nested_set_options[:right_column].intern, acts_as_nested_set_options[:parent_column].intern
just arbitrarily. It could happen it is unnecessary, but the best hypotheses to work on is it isn't.
This structure needs some housekeeping for the right/left/parent columns and I bet the library user is not supposed to deal with parent_id directly, I guess you must go always through the API to establish relationships.
-- fxn
Thanks a lot. I followed the plugin API and it worked.