#669 ✓resolved
dan (at angryamoeba)

Problem with protected attribute mass-assignment

Reported by dan (at angryamoeba) | November 24th, 2008 @ 04:28 AM

As detailed in this gist: http://gist.github.com/28330

Loosely speaking there is a write-protected attribute which can be set with mass assignment, but not direct assignment, thus missing the point of write-protection (I hope I'm just doing it wrong):


# The code:

class MerbAuthSliceFullfat::AuthenticatingClient
  include DataMapper::Resource

  # Key it
  property :id, Serial
  # The registration will belong to a user, who will be able to edit the client properties.
  property :user_id, Integer, :writer => :protected
end

# The problem:
>> c = AuthenticatingClient.new
=> #<MerbAuthSliceFullfat::AuthenticatingClient id=nil user_id=nil name=nil web_url=nil icon_url=nil api_key=nil secret=nil kind=nil callback_url=nil>
>> c.attributes = {:user_id=>10}
=> {:user_id=>10}
>> c.inspect
=> "#<MerbAuthSliceFullfat::AuthenticatingClient id=nil user_id=10 name=nil web_url=nil icon_url=nil api_key=nil secret=nil kind=nil callback_url=nil>"
>> c.user_id = 10
NoMethodError: protected method `user_id=' called for #<MerbAuthSliceFullfat::AuthenticatingClient:0x2574b60>
  from (irb):5
  from :0

Comments and changes to this ticket

  • Dan Kubb (dkubb)

    Dan Kubb (dkubb) November 30th, 2008 @ 01:20 AM

    • State changed from “new” to “open”
    • Assigned user changed from “Sam Smoot” to “Dan Kubb (dkubb)”

    Dan, I believe I may have found a solution to this problem. See the commit I made on the experimental dkubb/dm-core fork:

    http://github.com/dkubb/dm-core/...

    Let me know if this is more along the lines of what you need. Basically in a nutshell it only allows mass-assignment to public mutators.. anything protected or private will be denied.

  • Dan Kubb (dkubb)

    Dan Kubb (dkubb) December 2nd, 2008 @ 12:41 AM

    • State changed from “open” to “hold”

    Putting on hold until Dan replies to inquiry.

  • Dan Kubb (dkubb)

    Dan Kubb (dkubb) December 4th, 2008 @ 01:34 AM

    • State changed from “hold” to “resolved”
    • Assigned user changed from “Dan Kubb (dkubb)” to “Jonathan Stott (namelessjon)”

    It appears as if my changes to dkubb/dm-core have been backported to sam/dm-core by Jonathan:

    http://github.com/sam/dm-core/co...

    The example that Dan provides should never be able to happen now. Marking this as resolved.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Pages