Updating Model Attributes

ArcGhost picture ArcGhost · May 16, 2011 · Viewed 14.6k times · Source

I have a Rails app that is a blogging platform, allowing for multiple contributing authors. My User model has a :writer boolean attribute for assigning writing permissions. However, :writer is NOT listed under attr_accessible for the User model.

I wanted to a way to edit this attribute through the web, without having to run

User.find_by_id(user_id).update_attribute(:writer, true/false)

through the console, but I'm wondering if this would be impossible without listing :writer under attr_accessible for the User model. I have several pages accessible only to admin-users, and I would like to be able to put the ability to toggle the :writer attribute within those views.

If it is indeed possible, how could it be done? Thanks in advance for your help!

Edit: Based on the couple of answers I've gotten, I feel should've been more specific in my question. I apologize. I understand that I could still individually update the :writer attribute, as Beerlington and Hitesh have pointed out. What I wanted to know was how one could implement such a function through the view. Would it be possible to make a clickable link to toggle the :writer state? Might it be possible to have a link call a controller function and pass the appropriate user_id for :writer toggling?

Answer

Peter Brown picture Peter Brown · May 16, 2011

attr_accessible and attr_protected only protect attributes from mass-assignment. You can still assign them through other means though:

Mass Assignment (will not work):

model.update_attributes(:admin => true)

Non Mass Assignment (option 1):

model.admin = boolean
model.save

Non Mass Assignment (option 2):

model.send(:attributes=, attributes, false)

Non Mass Assignment (option 3):

model.update_attribute(admin, boolean)

I personally do not like either of these manual options, so I wrote a gem called sudo_attributes that makes it easier to override mass assignment using "sudo" methods.