Reputation: 620
Rails: list all attributes that can't be mass assigned
I am working through an old legacy project that has recently been updated. The models to the project are in an engine running separate from the controllers and views etc. The engine is running on rails 4.1.6 while the controllers etc are on Rails 3.
This has led to many issues with mass-assignment. I have created a little module that reads the db columns and white lists the attributes for that model. However in a case such as this NewsItem model which has associations and needs to accept attributes for those associations, the module doesn't work.
class Newsitem < ActiveRecord::Base
include MyAttrAccessibleModule
has_and_belongs_to_many :assets
has_and_belongs_to_many :boroughs
has_and_belongs_to_many :venues
I need to add
attr_accessible :asset1_attachment_remove,
:asset1_attachment_title,
:asset2_attachment_title,
:asset3_attachment_title,
:asset4_attachment_title,
:borough_ids,
:venue_ids
But finding all models that require this is a bit of a pain, seeing as there are well over 100.
Is there a way to highlight, find, test, discover in what other models this error might occur in also?
Upvotes: 1
Views: 67
Answers (2)
Reputation: 620
Thanks to @Stefan Dorunga for his suggestion. It led me in the right direction.
if reflect_on_all_associations(:has_and_belongs_to_many).any?
association = reflect_on_all_associations(:has_and_belongs_to_many)
association.each {|model| attr_accessible model.plural_name.singularize + "_id"}
association.each {|model| attr_accessible model.plural_name}
end
I query the model to see if it has a relationship where the relation id isnt explicitly listed and generate it dynamically.
The only downside is that I have to include the module after all the listed associations. I usually include modules at the top of a class. Whether this is standard practice or not I do not know.
Upvotes: 0
Reputation: 679
I think what you're looking for could be this:
Object.attributes.keys - Object.accessible_attributes
This should subtract all the whitelisted attributes from all of the available ones.
Upvotes: 2
Related Questions
- ActiveRecord: How to get all attributes of a model that can be mass-assigned?
- Finding permitted attributes for a Rails model
- How to mass-assign in rails even though attributes are in attr_accessible?
- How to test for mass assignment errors in Rspec and Rails 4?
- How to make all model attributes accessible for mass-assignment?
- Rails: Is there an efficient way to get all whitelisted attributes with values?
- How can I suppress the assignment of one or more fields in a Ruby-On-Rails mass-assignment?
- Using RSpec, is there a way to assert whether a specific attribute of a Model is invalid?
- Rails and Rspec - can't mass-assign protected attributes
- Throw an exception whenever someone tries to mass-assign protected attributes