by davidblondeau
5227 days ago
Right, refactoring an existing project to enforce attr_accessible nil by default can be a hassle. From my experience, the main (though easily side-stepped) annoyance is when creating or updating records that have belongs_to associations (for example, user_id and repository_id for a commit ;)) programmatically. For security purposes, you would not set those 2 attributes to be attr_accessible. To create a new record, you then would have to build the record and then set the user_id and repository_id on the record. Or, you can set user and repository to be accessible (attr_accessible :user, :repository). This is fine because the associated methods expect ActiveRecord objects.
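The second option from the comment above, as an added example that is not part of the original post and does not use ActiveRecord. MiniRecord is a hypothetical pure-Ruby stand-in for the attr_accessible whitelist, and Commit, User, Repository, FORGED and build_commit are constructed for illustration.

```ruby
# Hypothetical stand-in for the attr_accessible whitelist (not ActiveRecord itself).
class MiniRecord
  def self.attr_accessible(*names)
    @accessible = names.compact.map(&:to_sym)   # `attr_accessible nil` => nothing allowed
  end

  def self.accessible
    @accessible || []
  end

  # Declares <name> and <name>_id. The object setter type-checks its argument;
  # TypeError stands in here for ActiveRecord::AssociationTypeMismatch.
  def self.belongs_to(name, klass)
    attr_accessor :"#{name}_id"
    attr_reader name
    define_method(:"#{name}=") do |obj|
      raise TypeError, "#{klass} expected, got #{obj.class}" unless obj.is_a?(klass)
      instance_variable_set(:"@#{name}", obj)
      send(:"#{name}_id=", obj.id)
    end
  end

  # Mass assignment: keys outside the whitelist are silently dropped.
  def initialize(attrs = {})
    attrs.each do |key, value|
      send(:"#{key}=", value) if self.class.accessible.include?(key.to_sym)
    end
  end
end

User = Struct.new(:id)
Repository = Struct.new(:id)

class Commit < MiniRecord
  belongs_to :user, User
  belongs_to :repository, Repository
  attr_accessor :message
  attr_accessible :message, :user, :repository   # raw *_id keys stay protected
end

# Constructed request parameters carrying forged foreign keys.
FORGED = { "message" => "fix typo", "user_id" => "1", "repository_id" => "42" }

# Server-side code passes objects it looked up itself; forged ids never apply.
def build_commit(params, user, repository)
  Commit.new(params.merge("user" => user, "repository" => repository))
end
```

A request parameter is a string or hash, never a model instance, so a forged "user" key fails the type check instead of reassigning ownership.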