Peter Bell <peter@...> writes:
A User has many teachers. I'm trying to lock down my API. I have
a "user.add_teacher teacher" method and want
to make that the *only* way to "user.teachers << teacher". Any way to lock
down the teachers association so
it is read only from outside the user class and only settable within self?
I'm not just looking for attr_protected to avoid mass assignment. I'm
specifically looking to ensure that
nobody on the team will write "user.teachers << teacher" and bypass all of
the additional business logic
in the add_teacher method. I know I can do a "find within project"
for "teachers <<" but don't want to
remember to have to do that.
I know my specs should catch anything that's amiss, and I'm not sure whether
this is an idiomatic approach in
Ruby/Rails but I'd appreciate any thoughts/suggestions.
Thanks,
Peter
It seems there is business logic to check when adding teachers to users which
goes beyond a simple "validates_associated :teacher". Rather than restrict
developers to a single method call, I would investigate custom validations.
See http://guides.rubyonrails.org/active_record_validations_callbacks.html