Rails质量分配定义和attr_accessible用法 [英] Rails mass assignment definition and attr_accessible use
问题描述
只想弄清楚什么是大规模分配以及如何围绕它进行编码.是大量分配是使用哈希(例如,..
Just want to be clear on what mass assignment is and how to code around it. Is mass assignment the assignment of many fields using a hash, ie like..
@user = User.new(params[:user])
为防止这种情况,请使用 attr_accessible ,例如:
And to prevent this you use attr_accessible like:
attr_accessible :name, :email
这样,诸如:admin这样的字段不能通过批量分配添加吗?
So that a field like :admin could not be added by mass assignment?
但是我们可以通过以下方式在代码中对其进行修改:
But we can modify it in code by something like:
@user.admin = true
是真的,如果我们没有 attr_accessible ,那么一切都可以进行大规模分配?
So is it true that if we don't have attr_accessible then everything is accessible for mass assignment?
最后,棘手的一点是……确实如此,即使有一个 attr_accessible ,例如"attr_accessible:name",也意味着所有其他字段现在不可进行大规模分配吗?
And finally the tricky point ... is it true that even with one attr_accessible like "attr_accessible :name" means that all other fields are now not accessible for mass assignment?
推荐答案
您所有的假设都是正确的.如果没有attr_accessible,则所有字段都可以批量分配.如果您开始使用attr_accessible,则只有您指定的字段才可以批量分配.
All of your assumptions are correct. Without attr_accessible, all fields are open to mass assignment. If you start using attr_accessible, only the fields you specify are open to mass assignment.
这篇关于Rails质量分配定义和attr_accessible用法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!