Is there a way to bypass mass assignment protectio

2019-02-02 09:47发布

站内问答 / Ruby
1787 3 4

I have a Rails 3 app which JSON encodes objects in order to store them in a Redis key/value store.

When I retrieve the objects, I'm trying to decode the JSON and instantiate them from the data like so:

def decode(json)
  self.new(ActiveSupport::JSON.decode(json)["#{self.name.downcase}"])
end

The problem is that doing this involves mass assignment which is disallowed (for good reason I'm told!) for attributes I haven't given attr_writer ability to.

Is there a way I can bypass the mass assignment protection just for this operation only?

3条回答
乱世女痞
2楼-- · 2019-02-02 10:23

You can create a user also in this way which is not doing the mass assignment.

User.create do |user|
  user.name = "Josh"
end

You may want to put this into a method.

new_user(name)
  User.create do |user|
    user.name = name
  end
end
查看更多
0人赞 添加讨论(0) 举报
闹够了就滚
3楼-- · 2019-02-02 10:25

EDIT: kizzx2's Answer is a much better solution.

Kind of a hack, but...

self.new do |n|
  n.send "attributes=", JSON.decode( json )["#{self.name.downcase}"], false
end

This invokes attributes= passing false for the guard_protected_attributes parameter which will skip any mass assignment checks.

查看更多
0人赞 添加讨论(0) 举报
Evening l夕情丶
4楼-- · 2019-02-02 10:38

assign_attributes with without_protection: true seems less intrusive:

user = User.new
user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
user.name       # => "Josh"
user.is_admin?  # => true

@tovodeverett mentioned in the comment you can also use it with new, like this in 1 line

user = User.new({ :name => 'Josh', :is_admin => true }, :without_protection => true)
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)