Peter Bell <peter@...> writes: > > A User has many teachers. I'm trying to lock down my API. I have a "user.add_teacher teacher" method and want > to make that the *only* way to "user.teachers << teacher". Any way to lock down the teachers association so > it is read only from outside the user class and only settable within self? > > I'm not just looking for attr_protected to avoid mass assignment. I'm specifically looking to ensure that > nobody on the team will write "user.teachers << teacher" and bypass all of the additional business logic > in the add_teacher method. I know I can do a "find within project" for "teachers <<" but don't want to > remember to have to do that. > > I know my specs should catch anything that's amiss, and I'm not sure whether this is an idiomatic approach in > Ruby/Rails but I'd appreciate any thoughts/suggestions. > > Thanks, > Peter >
It seems there is business logic to check when adding teachers to users which goes beyond a simple "validates_associated :teacher". Rather than restrict developers to a single method call, I would investigate custom validations. See http://guides.rubyonrails.org/active_record_validations_callbacks.html -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
