How I can set 'attr_accessible' in order to NOT allow access to ANY of the fields FOR a model using Ruby on Rails?

后端 未结 4 1004

If in a model file I have just this code:

class Users < ActiveRecord::Base
end

what this means? All attributes related to the model are acce

4条回答
  •  别那么骄傲
    2021-02-19 03:32

    By default the attributes are all attr_accessible (which means they can be set my mass-assignment).

    • attr_accessible - only this list of attributes can be set by mass-assignment (white-listing).
    • attr_protected - these attributes cannot be set by mass-assignment (black-listing).
    • attr_readonly - these attributes cannot be set except for when the record is created.

    To disable mass-assignment entirely, use something like this:

    ActiveRecord::Base.send(:attr_accessible, nil)
    

    This command will disable mass-assignment for all active record objects, but you can specify one or more models to perform this command on if you want mass-assignment in some cases but not in others.

提交回复
热议问题