attr_accessible in Rails Active Record

Posted on 2024-08-12 10:03:18 | 117 words | 6 views | 0 comments

When I use attr_accessible to specify which fields from my Model I will expose, is it true for script/console as well? I mean, something that I didn't specify as attr_accessible won't be accessible through console either?

Comments (5)

失而复得 2024-08-19 10:03:18

This is only true for mass assignment. For instance, if you were to set attr_protected :protected in your model:

>> Person.new(:protected => "test")
=> #<Person protected: nil>

Conversely, you could set all attributes you want as accessible using attr_accessible.

However, the following will still work:

>> person = Person.new
=> #<Person protected: nil>
>> person.protected = "test"
=> #<Person protected: "test">

This is the same behaviour as in controllers, views, etc. attr_protected only protects against mass assignment of variables, primarily from forms, etc.

贱人配狗天长地久 2024-08-19 10:03:18

The console behaves exactly as your Rails application. If you protected some attributes for a specific model, you won't be able to mass assign these attributes either from console or from the Rails app itself.

秋凉 2024-08-19 10:03:18

I found why:

Specifies a white list of model attributes that can be set via mass-assignment, such as new(attributes), update_attributes(attributes), or attributes=(attributes).
This is the opposite of the attr_protected macro:

 Mass-assignment will only set attributes in this list, to assign to the rest of 
attributes you can use direct writer methods. This is meant to protect sensitive  
attributes from being overwritten by malicious users tampering with URLs or forms. 
If you'd rather start from an all-open default and restrict attributes as needed,
have a look at `attr_protected`.

So it means that it just avoids mass-assignment, but I can still set a value.
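
The distinction described in the answers above, as an added example that is not part of the original thread and is not Rails' own code: a plain-Ruby stand-in in which the allow-list filters only mass assignment, while direct writer calls (what you would type in the console) still work. The `MiniModel` base class, the `Person` model, the helper methods and the sample parameters are all constructed for illustration.

```ruby
# Plain-Ruby stand-in for an Active Record model (assumption: Rails is not loaded).
# MiniModel, Person and the sample params are constructed for this example.
class MiniModel
  # Class macro: record the attribute names allowed through mass assignment.
  def self.attr_accessible(*names)
    accessible_attributes.concat(names.map(&:to_s))
  end

  def self.accessible_attributes
    @accessible_attributes ||= []
  end

  def initialize(attributes = {})
    self.attributes = attributes
  end

  # Mass assignment: only allow-listed keys ever reach a writer method.
  def attributes=(attributes)
    attributes.each do |key, value|
      next unless self.class.accessible_attributes.include?(key.to_s)
      public_send("#{key}=", value)
    end
  end
end

class Person < MiniModel
  attr_accessor :name, :email, :admin
  attr_accessible :name, :email       # :admin is deliberately left off the list
end

# Bulk path: what a controller does with submitted form parameters.
def mass_assigned(params)
  Person.new(params)
end

# Direct path: what console or model code does with a single writer call.
def directly_assigned
  person = Person.new
  person.admin = true
  person
end

# Constructed parameters, shaped like a form submission with an extra field.
params = { "name" => "Alice", "email" => "alice@example.test", "admin" => true }
puts mass_assigned(params).admin.inspect   # dropped by the allow-list
puts directly_assigned.admin.inspect       # writer methods are not restricted
```

The allow-list is a filter on bulk input, not an access control on the attribute, so code that must keep a field unchanged cannot rely on it once a direct writer is called.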

茶色山野 2024-08-19 10:03:18

When you specify some things to be attr_accessible, only those things can be accessed in console or by website interface.

E.g.: Suppose you made name and email to be attr_accessible:

attr_accessible :name, :email

and left out created_at and updated_at (which you are supposed to).
Then you can only edit/update those fields in console.

本王不退位尔等都是臣 2024-08-19 10:03:18

If you want to expose a field from your model, you can use

attr_accessor :meth # for getter and setters
attr_writer :meth # for setters
attr_reader :meth # for getters

or if you want to add some behaviour to your attribute, you'll have to use virtual attributes

def meth=(args)
 ...
end
def meth
 ...
end

cheers.
