On Thursday, September 25, 2014 7:33:37 AM UTC-7, Andrius Kairiukstis wrote:
>
> Another update
>
> Fixed myself
>
> I was using the grape API library and, to simplify data assignment, used this
> code, and Sequel hooks did not work well:
> res = Resource.new
> params.each_pair do |k,v|
> res[k] = params[k] unless banned_keys.include?(k)
> end
>
The problem with this is you aren't calling the setter method. You could
switch to res.send("#{k}=", params[k]), which is what #set uses.
> With this code it is much better:
> res = Resource.new
> params.each_pair do |k,v|
> res.set(k => params[k]) unless banned_keys.include?(k)
> end
>
> Anyway, if someone answers, please let me know: is it okay to use
> method.set this way, or is some other way better?
>
You are using a blacklist approach, when the usual recommendation is a
whitelist approach. Assuming a whitelist approach will work for you, you
should look into #set_fields or #set_only. If you really want to use a
blacklist approach, the blacklist_security plugin has a #set_except method
that should do what you want.
Thanks,
Jeremy
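
The three assignment styles discussed in this thread, side by side, as an added example that is not part of the original messages and is not Sequel's code. `Resource` is a hypothetical pure-Ruby stand-in whose `[]=`, `set_except` and `set_fields` are simplified versions of the behaviour described above; the parameters and the `is_admin` column are constructed.

```ruby
# Hypothetical stand-in model, NOT Sequel: simplified assignment methods, no database needed.
class Resource
  def values
    @values ||= {}
  end

  # Raw column write (res[k] = v): no setter method runs.
  def []=(column, value)
    values[column.to_sym] = value
  end

  # Setter carrying model logic; only reached through send("name=", ...).
  def name=(value)
    values[:name] = value.to_s.strip
  end

  def is_admin=(value)
    values[:is_admin] = value
  end

  # Blacklist: every key that is not banned goes through its setter.
  def set_except(hash, banned)
    hash.each { |k, v| send("#{k}=", v) unless banned.include?(k) }
    self
  end

  # Whitelist: only the listed fields are ever read from the hash.
  def set_fields(hash, fields)
    fields.each { |f| send("#{f}=", hash[f.to_s]) if hash.key?(f.to_s) }
    self
  end
end

# Constructed request parameters; the client should not control is_admin.
PARAMS = { "id" => "99", "name" => "  report  ", "is_admin" => "true" }.freeze
BANNED_KEYS = %w[id].freeze # blacklist written before is_admin was added
ALLOWED = [:name].freeze    # whitelist of client-editable fields

def assign_raw(params, banned)
  res = Resource.new
  params.each_pair { |k, v| res[k] = v unless banned.include?(k) }
  res.values
end
def assign_blacklist(params, banned)
  Resource.new.set_except(params, banned).values
end
def assign_whitelist(params, allowed)
  Resource.new.set_fields(params, allowed).values
end
```

The raw write keeps the unstripped name because `name=` never runs, and the blacklist runs the setter but still accepts `is_admin`. Only the whitelist drops it.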