ruby on rails - Mass Assignment Vulnerability -


i have model a such :

class < activerecord::base   validates_uniqueness_of :name   attr_accessible :name end 

i want remove mass assignment vulnerability on attribute :name. deleted line attr_accessible :name model. model has no controller, didn't write strong parameters. model used in helper b.rb follows :

num_users = a.where(:name => "new").count

do need change line in way or line still work after have deleted attr_attributed :name model?

first , foremost, line num_users = a.where(:name => "new").count works fine or without using mass-assignment. because where method not assign data model record.

on other hand, rare see question ruby-on-rails-4 , mass-assignment tags (there 7 both).

this because rails 4 remove mass_assignment , replace strong_parameters, can find @ rails guides upgrade 4.0.

if line attr_accessible :name working fine on rails 4 app. must have protected_attributes gem @ gemfile.

there must reason add protected_attributes gem rails 4 app. if not, can remove gemfile bundle install , remove attr_accessible ... lines model. , remove :without_protection => true parameter model's actions (new, create, create!, update_attributes , update_attributes!, assign_attributes).

if keep gem protected_attributes @ gemfile. when need update field not attr_accessible must add parameter without_protection: true action. way:

a.create({name: 'new'}, without_protection: true) 

and record stored @ db. otherwise not work.


Comments

Popular posts from this blog

node.js - Using Node without global install -

How to access a php class file from PHPFox framework into javascript code written in simple HTML file? -

java - Null response to php query in android, even though php works properly -