attr_accessible in rails Active Record

ruby-on-rails ruby activerecord attr-accessible
VP. picture VP. · Nov 24, 2009 · Viewed 19.4k times · Source

When I use the attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean something that I didn't specify as attr_accessible won't be accessible as well through console ?

Answer

Josh Delsman picture Josh Delsman · Nov 25, 2009

This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model:

>> Person.new(:protected => "test")
=> #<Person protected: nil>

Conversely, you could set all attributes you want as accessible using attr_accessible.

However, the following will still work:

>> person = Person.new
=> #<Person protected: nil>
>> person.protected = "test"
=> #<Person protected: "test">

This is the same behaviour as in controllers, views, etc. attr_protected only protects against mass assignment of variables, primarily from forms, etc.

Related questions

How to drop columns using Rails migration

What's the syntax for dropping a database table column through a Rails migration?

Read More
Rails Active Record find(:all, :order => ) issue

I seem to be unable to use the ActiveRecord::Base.find option :order for more than one column at a time. For example, I have a "Show" model with date and attending columns. If I run the following code: @shows = …

Read More
How to get last N records with activerecord?

With :limit in query, I will get first N records. What is the easiest way to get last N records?

Read More