Hi all!
I have come into a strange issue in Rails that I am hoping someone
can shed some light.
To make a very long story short, I have been researching how to
override ActiveRecord::Base#read_attribute and write_attribute to
perform security checks at the model level (influenced by the
ModelSecurity generator). Shortly after implementing some code to
check this behavior, I began to see undefined behavior from rails.
The first request to read an attribute would be denied correctly,
however further requests would proceed without fail.
After a lot of searching, I think I have traced the problem down to
the generated read methods. When
ActiveRecord::Base#generate_read_methods is false, all is well. When
its true, my migraine returns.
More research, reading, and I come to this curiosity...
ActiveRecord::Base#define_read_method(symbol, attr_name, column)
generates reader code for an attribute after Rails realizes there
should be a reader method for it, correct? But the generated reader
method body does not call read_attribute... instead it accesses the
attribute directly and performs a type cast (if necessary)
Is this intended? Am I missing something that read_attribute is
doing that is not appropriate for a defined attribute reader method?
It's near trivial to draft a patch for this - however, I wanted to
make sure I wasn't vastly underestimating something.
Comments?
Thanks everyone!
--
Jeff Hall
Technology Consultant
Digital Maelstrom
Email: [EMAIL PROTECTED]
Jabber/XMPP: [EMAIL PROTECTED]
_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
