> It feels wrong to use validations for this. Then again, if Rails 4 moves
> away from attr_accessible towards strong_parameters (which essentially
> shifts mass assignment protection from the model to the controller),
> validations will soon be the only way to protect attributes in the model.
On Monday, October 1, 2012 11:00:07 PM UTC+2, Godfrey Chan wrote:
>
> Shouldn't that be handled with validations? I mean you wouldn't save the
> model without having a validation to ensure the value is consistent with
> the state anyways, so why not just take whatever value and let it blow up
>
Hellos
Working on a project I came across the scenario that certain attributes
should only be accessible if the model instance is in a certain state.
Here's a completely fake example:
class Car < ActiveRecord::Base
attr_accessible :name, :color
private
def mass_assignment_authorizer(rol
>
>
>- Extend "destroy_if" to accept a Proc which returns either true or
>false as well
>
> Oops, that's wrong, I mean "extend the allow_destroy option" of course.
Not too many opinions thus far. :-) It basically boils down to this: Should
the reject_if option only be relevant for creat
Given the following nested resources:
class Blog < ActiveRecord::Base
has_many :posts
accepts_nested_attributes_for :posts, allow_destroy: true, reject_if:
->(post) { post[:locked] }
end
class Post < ActiveRecord::Base
belongs_to :blog
end
The reject_if prevents updating any posts fo
