对 rails 中的 attr_accessor 和 attr_accessible 感到困惑 [英] Confused about attr_accessor and attr_accessible in rails

问题描述

这是一个简单的注册应用程序

this is a simple signup application

schema.rb

create_table "users", :force => true do |t|
t.string   "email"
t.string   "password_hash"
t.string   "password_salt"
t.datetime "created_at",    :null => false
t.datetime "updated_at",    :null => false

用户.rb

attr_accessible :email, :password, :password_confirmation
attr_accessor :password
before_save :encrypt_password
validates_confirmation_of :password
validates_presence_of :password, :on => :create
validates_presence_of :email
validates_uniqueness_of :email
.
.
.

为什么在 attr_accessible 和 attr_accessor 中都使用密码?

当我删除 attr_accessor :password 时，在 Rails 控制台中，我在执行时出错:

When i removed attr_accessor :password, in rails console, i got an error when executing:

user = User.new
user.password # => no method error

但是当我执行此操作时:

but when i execute this:

user = User.new
user.email # => nil

这意味着 user.email 在没有添加 attr_accessor 的情况下工作，为什么?！！

而且这也有效:

user = User.new
user.password_confirmation # => nil

但是当我删除时:

validates_confirmation_of :password

它不起作用，为什么??.

推荐答案

attr_accessor 和 attr_accessible 尽管拼写几乎相同，但却是完全不同的方法.

attr_accessor and attr_accessible, despite almost identical spelling, are absolutely different methods.

attr_accessor，一个原生的 Ruby 方法，它为类的实例定义了一个 getter 和一个 setter 方法:

attr_accessor, a native Ruby method which defines a getter and a setter method for the instance of the class:

class User
  attr_accessor :password
end

u = User.new
u.password = "secret"
u.password # => "secret"

attr_accessible 是 Rails 带来的一个方法，它旨在白名单"已经存在模型的属性.attr_accessible 中列举的属性以后可以通过模型属性的批量分配进行更改(而其他属性将被列入黑名单且不可更改):

attr_accessible is a method brought by Rails and it is meant to "whitelist" already existing attributes of a model. Attributes enumerated in attr_accessible can be later changed via mass-assignment of model attributes (while other attributes will be blacklisted and not changeable):

class Account < ActiveRecord::Base
  # First, you define 2 attributes: "password" and "created_at"
  attr_accessor :password
  attr_accessor :created_at

  # Now you say that you want "password" attribute
  # to be changeable via mass-assignment, while making
  # "created_at" to be non-changeable via mass-assignment
  attr_accessible :password
end

a = Account.new

# Perform mass-assignment (which is usually done when you update
# your model using the attributes submitted via a web form)
a.update_attributes(:password => "secret", :created_at => Time.now)

a.password # => "secret"
# "password" is changed

a.created_at # => nil
# "created_at" remains not changed

您使用 attr_accessible 来防止局外人"干预您模型的某些属性(例如，您不希望通过简单的表单提交来更改您的Account.superadmin"属性，这将是一个糟糕的安全问题).

You use attr_accessible to prevent meddling with some attributes of your models by "outsiders" (e.g. you wouldn't want your "Account.superadmin" attribute to be changeable via a simple form submission, which would be a bad security issue).

请注意，无论白名单/黑名单"状态如何，您都可以单独更改属性:

Note, that you can change the attributes individually, regardless of their "whitelisting/blacklisting" status:

a.created_at = Time.now

a.created_at # => 2012-09-16 10:03:14

这篇关于对 rails 中的 attr_accessor 和 attr_accessible 感到困惑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！