Frederick Cheung wrote:
> Part of the problem with the current mass assignment is that it's
> rather crude - eg you might want an attribute to be changeable at
> creation time only, or only by users with certain privileges etc, or
> mass assigned with values from a (trusted) file, distinctions which
> attr_protected / attr_accessible don't allow you. I think there was
> talk of overhauling this in rails 3, not sure how far that discussion
> got
Thanks. That all makes sense, and I'm looking forward to improvements
here.
While this is certainly on-topic based on the subject, I don't see that
the OP is attempting any such thing in the examples provided. I still
see no benefit to avoiding mass assignment based on what he's doing. If
the code had any of the needs you mention here then update_attributes
would be lacking.
> [:name, :email].each do |attr|
> user.send("#{attr}=", params[:user][attr])
> end
This was what I was referring to when mentioning not seeing the benefit.
How is this any safer than update_attributes coupled with
attr_accessible or attr_protected?
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
