On Jun 27, 5:37 pm, Peter Bell <[email protected]> wrote:
> A User has many teachers. I'm trying to lock down my API. I have a
> "user.add_teacher teacher" method and want to make that the *only* way to
> "user.teachers << teacher". Any way to lock down the teachers association so
> it is read only from outside the user class and only settable within self?
>
> I'm not just looking for attr_protected to avoid mass assignment. I'm
> specifically looking to ensure that nobody on the team will write
> "user.teachers << teacher" and bypass all of the additional business logic in
> the add_teacher method. I know I can do a "find within project" for "teachers
> <<" but don't want to remember to have to do that.
>
> I know my specs should catch anything that's amiss, and I'm not sure whether
> this is an idiomatic approach in Ruby/Rails but I'd appreciate any
> thoughts/suggestions.
>
could you overwrite << in your association proxy ie
class User
has_many :teachers do
def <<(*args)
raise "don't use me!"
end
end
end
?
There are lots of other ways users can add teachers though, eg
user.teachers.build, Teacher.new(:user_id => some_user.id) etc so I
don't thing you can make this completely watertight.
Fred
> Thanks,
> Peter
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
