1

I am following the One Month Rails screencast tutorial. Since they use Rails 3 in the video, the attr_accessible attribute no longer works in Rails 4. In the video they added a name parameter to attr_accessible:

attr_accessible :email, :password, :password_confirmation, :name

In my attempt to follow the tutorial, I simply ignored this line completely since there was no attr_accessible for me to begin with. Magically, it works perfectly. How is this working, or is it only working on the surface but not really if I continue on with the project?

In this question asked by someone else, the answer says attr_accessible is now redefined as strong parameters and everything is now in the controller. But I also did not mess with any controller (in fact I haven't generated a new controller since I started the project). Should I be worrying or is this all part of Rails magic?

user3277633

1 Answer

2

Mass Assignment

The strong parameters methodology replaced attr_accessible in Rails 4 - it's basically a way to prevent mass assignment with your models.

Mass Assignment is where a malicious user will set many different param settings at once (over and above the ones you want). Strong params was introduced to only allow certain data to populate your model, thus preventing the mass assignment issue.

With Rails 4, you can read any data you want from the model, but when you're populating a new object, you'll only be able to submit data which has been whitelisted by a strong_params method, like this:

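# app/controllers/your_controller.rb
class YourController < ApplicationController
  def create
    # Only the whitelisted attributes reach the model
    @model = Model.new(model_params)
  end

  private

  # Strong parameters: require the :model key, permit only the listed attributes
  def model_params
    params.require(:model).permit(:your, :attributes)
  end
end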

So the reason why you're able to get the app working without using attr_accessible is because you can pull data from the db without having to whitelist any param. You'll hit issues when you try to create data, which is where strong params come in.

Richard Peck
  • After looking through my scaffold generated content, I was able to locate where the strong parameters are. Thanks! – user3277633 Jun 17 '14 at 17:31
  • After messing with it even more, I finally understand what you meant by "hit issues when you create data". But the problem I am facing now is that I do not have a User controller, so I am not sure where to put my strong parameters. I do, however, have a User model. Can I put strong parameters there? – user3277633 Jun 17 '14 at 19:01
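
An added example, not part of the original answer or of Rails itself: a plain-Ruby model of the behaviour the answer describes, showing why creating a record from raw params is rejected in Rails 4 while a permitted subset is accepted. MiniParams, ForbiddenAttributes, User and the request hash are hypothetical stand-ins for ActionController::Parameters, ActiveModel::ForbiddenAttributesError and a real model.

```ruby
# Simplified stand-in for ActionController::Parameters (assumption: the real
# class does much more; only require/permit/permitted? are modelled here).
class MiniParams
  def initialize(hash, permitted = false)
    @hash = hash
    @permitted = permitted
  end

  def permitted?; @permitted; end
  def to_h; @hash; end

  # Fetch a required top-level key, e.g. params.require(:user).
  def require(key)
    MiniParams.new(@hash.fetch(key.to_s))
  end

  # Keep only whitelisted keys and mark the result as safe to mass-assign.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    MiniParams.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end
end

class ForbiddenAttributes < StandardError; end

# Hypothetical model; :admin is the attribute a sign-up form should never set.
class User
  attr_accessor :email, :name, :admin

  def initialize(attrs)
    # Models the Rails 4 check: unpermitted params are refused on mass assignment.
    raise ForbiddenAttributes unless attrs.permitted?
    attrs.to_h.each { |k, v| public_send("#{k}=", v) }
  end
end

# Constructed request body: the client added "admin" to the form fields.
REQUEST = { "user" => { "email" => "a@example.com", "name" => "Ann", "admin" => "true" } }.freeze

def create_unfiltered
  User.new(MiniParams.new(REQUEST).require(:user))
rescue ForbiddenAttributes
  :rejected
end

def create_filtered
  User.new(MiniParams.new(REQUEST).require(:user).permit(:email, :name))
end
```

The unfiltered call is refused outright, and the filtered call builds the user with admin left unset because "admin" was never permitted.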