
Problem with protected attribute mass-assignment
Reported by dan (at angryamoeba) | November 24th, 2008 @ 04:28 AM
As detailed in this gist: http://gist.github.com/28330
Loosely speaking there is a write-protected attribute which can be set with mass assignment, but not direct assignment, thus missing the point of write-protection (I hope I'm just doing it wrong):
# The code:
class MerbAuthSliceFullfat::AuthenticatingClient
include DataMapper::Resource
# Key it
property :id, Serial
# The registration will belong to a user, who will be able to edit the client properties.
property :user_id, Integer, :writer => :protected
end
# The problem:
>> c = AuthenticatingClient.new
=> #<MerbAuthSliceFullfat::AuthenticatingClient id=nil user_id=nil name=nil web_url=nil icon_url=nil api_key=nil secret=nil kind=nil callback_url=nil>
>> c.attributes = {:user_id=>10}
=> {:user_id=>10}
>> c.inspect
=> "#<MerbAuthSliceFullfat::AuthenticatingClient id=nil user_id=10 name=nil web_url=nil icon_url=nil api_key=nil secret=nil kind=nil callback_url=nil>"
>> c.user_id = 10
NoMethodError: protected method `user_id=' called for #<MerbAuthSliceFullfat::AuthenticatingClient:0x2574b60>
from (irb):5
from :0
Comments and changes to this ticket
-
Dan Kubb (dkubb) November 30th, 2008 @ 01:20 AM
- State changed from new to open
- Assigned user changed from Sam Smoot to Dan Kubb (dkubb)
Dan, I believe I may have found a solution to this problem. See the commit I made on the experimental dkubb/dm-core fork:
http://github.com/dkubb/dm-core/...
Let me know if this is more along the lines of what you need. Basically in a nutshell it only allows mass-assignment to public mutators.. anything protected or private will be denied.
-
Dan Kubb (dkubb) December 2nd, 2008 @ 12:41 AM
- State changed from open to hold
Putting on hold until Dan replies to inquiry.
-
Dan Kubb (dkubb) December 4th, 2008 @ 01:34 AM
- State changed from hold to resolved
- Assigned user changed from Dan Kubb (dkubb) to Jonathan Stott (namelessjon)
It appears as if my changes to dkubb/dm-core have been backported to sam/dm-core by Jonathan:
http://github.com/sam/dm-core/co...
The example that Dan provides should never be able to happen now. Marking this as resolved.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »