How is attr_accessible used in Rails 4?

前端 未结 5 965
执笔经年
执笔经年 2020-11-22 08:36

attr_accessible seems to no longer work within my model.

What is the way to allow mass assignment in Rails 4?

相关标签:
5条回答
  • 2020-11-22 08:47

    If you prefer attr_accessible, you could use it in Rails 4 too. You should install it like gem:

    gem 'protected_attributes'
    

    after that you could use attr_accessible in you models like in Rails 3

    Also, and i think that is the best way- using form objects for dealing with mass assignment, and saving nested objects, and you can also use protected_attributes gem that way

    class NestedForm
       include  ActiveModel::MassAssignmentSecurity
       attr_accessible :name,
                       :telephone, as: :create_params
       def create_objects(params)
          SomeModel.new(sanitized_params(params, :create_params))
       end
    end
    
    0 讨论(0)
  • 2020-11-22 09:05

    Rails 4 now uses strong parameters.

    Protecting attributes is now done in the controller. This is an example:

    class PeopleController < ApplicationController
      def create
        Person.create(person_params)
      end
    
      private
    
      def person_params
        params.require(:person).permit(:name, :age)
      end
    end
    

    No need to set attr_accessible in the model anymore.

    Dealing with accepts_nested_attributes_for

    In order to use accepts_nested_attribute_for with strong parameters, you will need to specify which nested attributes should be whitelisted.

    class Person
      has_many :pets
      accepts_nested_attributes_for :pets
    end
    
    class PeopleController < ApplicationController
      def create
        Person.create(person_params)
      end
    
      # ...
    
      private
    
      def person_params
        params.require(:person).permit(:name, :age, pets_attributes: [:name, :category])
      end
    end
    

    Keywords are self-explanatory, but just in case, you can find more information about strong parameters in the Rails Action Controller guide.

    Note: If you still want to use attr_accessible, you need to add protected_attributes to your Gemfile. Otherwise, you will be faced with a RuntimeError.

    0 讨论(0)
  • 2020-11-22 09:07

    An update for Rails 5:

    gem 'protected_attributes' 
    

    doesn't seem to work anymore. But give:

    gem 'protected_attributes_continued'

    a try.

    0 讨论(0)
  • 2020-11-22 09:12

    We can use

    params.require(:person).permit(:name, :age)
    

    where person is Model, you can pass this code on a method person_params & use in place of params[:person] in create method or else method

    0 讨论(0)
  • 2020-11-22 09:13

    1) Update Devise so that it can handle Rails 4.0 by adding this line to your application's Gemfile:

    gem 'devise', '3.0.0.rc' 
    

    Then execute:

    $ bundle
    

    2) Add the old functionality of attr_accessible again to rails 4.0

    Try to use attr_accessible and don't comment this out.

    Add this line to your application's Gemfile:

    gem 'protected_attributes'
    

    Then execute:

    $ bundle
    
    0 讨论(0)
提交回复
热议问题