Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

mass_assignment_authorizer and nested attributes

Tags:

ruby-on-rails

I'm using dynamic attr_accessible as per this article:

http://asciicasts.com/episodes/237-dynamic-attr-accessible

It works fine. But I haven't found an elegant way to make it work with nested attributes. Here's some simplified code:

class Company < ActiveRecord::Base
  has_many :employees

  accepts_nested_attributes_for :employees
end

class Employee < ActiveRecord::Base
  belongs_to :company

  attr_protected :salary

  attr_accessor :accessible

  def mass_assignment_authorizer  
    if accessible == :all
      ActiveModel::MassAssignmentSecurity::BlackList.new
    else
      super + (accessible || [])
    end
  end 
end

Let's say I have an admin interface with a RESTful form for a Company. On this form, I have fields for employees_attributes, including blank fields to create new Employees. I can't find a way to call Employee#accessible= in this context. Browsing through the ActiveRecord source code, it seems that this might be impossible: in the remotest part of a very deep call stack, nested associations just result in Employee.new being called with the attributes.

I'd thought about creating a special attribute that could be passed in through mass assignment. If the attribute's value were the right code, the Employee instance would set @accessible to :all. But I don't think there's a way to guarantee that this attribute gets set before the protected attributes.

Is there any way to make dynamic protected attributes work with nested attributes?

like image 917
rlkw1024 Avatar asked Feb 07 '11 20:02

rlkw1024

People also ask

What are nested attributes?

Nested attributes are a way of applying sub-categories to your attributes. For instance, instead of having a single searchable attribute price , you may set up some sub-categories: price.net , price.

What is nested attributes rails?

Rails provide a powerful mechanism for creating rich forms called 'nested attributes' easily. This enables more than one model to be combined in forms while maintaining the same basic code pattern with simple single model form. Nested attributes allow attributes to be saved through the parent on associated records.

1 Answers

I'm new to rails, and have had boatloads of trouble trying to get nested attributes to work myself, but I found that I had to add the nested attributes to my accessible list.

class Company < ActiveRecord::Base
  has_many :employees

  accepts_nested_attributes_for :employees

  attr_accessible :employees_attributes
end

My understanding is that accepts_nested_attributes_for creates that special employees_attributes, but when you default all attributes to non-accessible (which I believe the asciicast does) you won't be able to use it.

I hope that helps.

like image 98
Geoff Avatar answered Nov 03 '22 19:11

Geoff
Sign in to Comment

Related questions

Rails STI using ONE form
What might this be: New Active Record chainable query language built on top of relational algebra?
SimpleDB to ActiveResource. Rails
Rspec > testing database views
How to cache objects store them for multiple requests?
Multiple remote_form_for on the same page causes duplicate ids
How do I execute queries upon DB connection in Rails?
Rails, Passenger and Memcached: Unable to find server during initialization
What's the easiest way to use OAuth with ActiveResource?
can't dup NilClass - Error
Rails: GoogleDocs-Style Autosave
RSpec accessing application_controller methods such as 'current_user'
Missing PID file when using a process manager to start delayed job
Are array parameters in rails guaranteed to be in the order in which they appear in the url?
Rails validating virtual attributes
Rails, two dimensional table, pivot, nested hash loops
rails - Parsing an Email Message for just the reply, not the old thread?
is_a? fails with single-table inheritance in Rails 3
how do I share authentication on a rails/rack app with a node.js instance?
Rails associations of user/post/comment

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!