Reputation: 5426
How to properly add default entries to database in Ruby on Rails?
Mostly my entries in seeds.rb are simple, like this:
User.create!(
name: "Peter"
admin: false;
# etc.
)
If I get the "Can't mass-assign protected attributes" error, I make a small change in the model, in this case user.rb:
attr_accessible: name, admin
So far so good. But how am I supposed to seed entries into tables generated by a rails gem which adds another engine to my app? Forem, for example. And I'm sure there are others.
I have added these entries to my seeds.rb file:
Forem::Category.create!(
name: "cat1"
)
Forem::Forum.create!(
title: "forum1",
description: "forum1 description",
category_id: 1
)
Forem::Topic.create!(
forum_id: 1,
user_id: 1,
subject: 'topic1',
locked: false,
pinned: false,
hidden: false,
)
Category and Forum are generated, Topic is not:
Can't mass-assign protected attributes: forum_id, user_id, locked, pinned, hidden
If I had a topic.rb model, I would know what to do. But I don't have it. Forem is an engine and I don't know of a way to make some attributes of model topic.rb visible.
I know that this line in application.rb:
config.active_record.whitelist_attributes = true
enables the protection against mass assignment. Disabling it leaves a huge security hole, so it's not an option. And disabling it didn't allow me to seed into topics table anyway.
I've also tried to use fixtures. I added this to my seeds.rb file:
require 'active_record/fixtures'
Fixtures.create_fixtures("#{Rails.root}/test/fixtures", "topics.yml")
test/topics.yml:
one:
id: 1
forum_id: 1
user_id: 1
subject: "topic1"
created_at: 2012-05-19 19:54:19
updated_at: 2012-05-19 19:54:20
locked: false
pinned: false
hidden: false
last_post_at: 2012-05-19 19:54:21
state: "open"
views_count: 3
Error I get is - uninitialized constant Fixtures
What's wrong with my seeds.rb and fixture? Or should I use a migration?
Upvotes: 0
Views: 723
Answers (2)
Reputation: 12235
Disabling it leaves a huge security hole, so it's not an option`
Nope, it's not a huge security hole. This is a controversial debate, but attr_accessible (and variants) are (in my and a lot of others opinion) not a good solution to the problem that is preventing users to create/update objects/attributes they should not. Put another way, attr_accessible is a model solution to a controller issue. Because that is the job of the controller to make sure that the data is cleaned and usable, to check wether the current user is allowed to do such things, etc.
So what I'd do would be to remove all references to attr_accessible and set whitelist_attributes to false.
Then it's up to you to filter your params in your controllers. You could do as done in this gist or use rails/strong_parameters, or any other way that might please you.
After that you would no longer have these issues while seeding
Upvotes: 2
Reputation: 5625
Seeds.rb is just ruby code. You don't have to create the whole resource in one line. Try something like this
topic = Forem::Topic.create(
:subject => "topic 1",
:locked => false
# etc
)
topic.user_id = 1
topic.save
Upvotes: 1
Related Questions
- How to add a new field to database (with default value)?
- Rails populate with default entries after database table was created
- default value is not saved to the database
- rails model default value
- Rails default data
- Initialize database values in rails
- Rails: Creating default records for has_many relationship
- how set default value of db in ruby on rails
- Inserting default values in tables using rails
- Ruby on Rails - prepopulate new record