Rails 2.0 turn on mass assignment

Can anyone tell me how to turn on mass assignment in rails 2.0. I am
facing a problem accessing a value of an attr_protected value sat by a
plugin I am using. I need this value to be assigned to a modle object
but it is silently discarded. Please help.

if it's only one attribute, why not just assign with:

@object.update_attribute(:attribute, value)

Protected attributes are ignored in mass-assignment, that's the whole point of attr_protected!

If the plugin sets the attribute with regular assignment it will get saved anyway, I mean this sequence updates the protected attribute:

    model.protected_attribute = value
    if model.update_attributes(params[:model])
      # protected was updated to value, no matter
      # what params[:model] has about it

If the plugin uses mass-assignemnt itself either the atribute cannot be protected or else you need to patch the plugin.

-- fxn

Correct! The OP should think about WHY the plugin is protecting the
attribute from mass assignment.

The reason this gets done in general is for security, to keep a
bad-guy user from changing things that shouldn't be (passwords?
permissions? ....) by forging uri's with say, additionally query
parameters in the URI.


The real problem I am facing here is the plugin I use
(acts_as_better_nested_set) declares the column "parent_id" as
attr_protected which I need in a controller to reffer to the parent
object of the cutrrent node (I doubt this plugin was written prior to
Rails 2.0). I send parent_id as a hidden field value from view to the
controller where its get discarded. (I am creating a category tree

in categories_controller

def create
    @category = Category.new(params[:category])
    pid = params[:category][:parent_id]
      parent = Category.find_by_parent_id(@pid)
      parent.add_child(@category) #error here
#other stuff

parent.add_child(@category) is the code where the error is thrown. It
says "a category can not be found without an Id".

do you have any ideas?

You need to trust the plugin as a working assumption and tune your expectations. If the attribute is protected there may be a good reason, in principle a plugin author does not write

     attr_protected acts_as_nested_set_options[:left_column].intern,

just arbitrarily. It could happen it is unnecessary, but the best hypotheses to work on is it isn't.

This structure needs some housekeeping for the right/left/parent columns and I bet the library user is not supposed to deal with parent_id directly, I guess you must go always through the API to establish relationships.

-- fxn

Thanks a lot. I followed the plugin API and it worked.