attr_accessible in rails Active Record

VP. picture VP. · Nov 24, 2009 · Viewed 19.4k times · Source

When I use the attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean something that I didn't specify as attr_accessible won't be accessible as well through console ?

Answer

Josh Delsman picture Josh Delsman · Nov 25, 2009

This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model:

>> Person.new(:protected => "test")
=> #<Person protected: nil>

Conversely, you could set all attributes you want as accessible using attr_accessible.

However, the following will still work:

>> person = Person.new
=> #<Person protected: nil>
>> person.protected = "test"
=> #<Person protected: "test">

This is the same behaviour as in controllers, views, etc. attr_protected only protects against mass assignment of variables, primarily from forms, etc.