Home/ Questions/Q 9088599
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T21:56:19+00:00

Trying to find the definitive answer on whether active record associations should be in

  • 0

Trying to find the definitive answer on whether active record associations should be in the list of attr_accessible attributes.

I’ve seen 

class Foo

  attr_accessible :name
  attr_accessible :bars

  belongs_to :bar
end

also seen

  attr_accessible :bars_id

want to know the proper way to be able to do Foo.new(name: ‘name’ bar: barvar)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As often the definitive answer is: “It depends™”

    Only the attributes you want to mass-assign should be made accessible.

    So if you want or need to do…

    Foo.new(name: 'name', bar: barvar)

    …then you simply have to make bar accessible.

    In the end assign_attributes is called which does a simple send("#{attribute_name}=", attribute_value) after checking the accessibility of the attribute.

    Some coding style aspects:

    Often mass assignment happens when processing the param hash. At least that’s where the security problems are lurking. There you rarely have a Bar object but more often a bar_id.

    However if you work with model instances, most people prefer using the association methods (as @Andrew Nesbitt wrote) because that often has some advantages (automatic saving, automatic update of the association counterpart, cleaner code, …)

    So there are reasons to have one or the other or both.

    My personal opinion: One should not waste a lot of time on this topic since Rails 4.0 will have a better solution for parameter sanitizing. (See strong_parameters if you want it in Rails 3, too)

    • 0