From 146105a40f3a55041a618099bd49a66a335bb20c Mon Sep 17 00:00:00 2001 From: Damien Mathieu <42@dmathieu.com> Date: Thu, 17 May 2012 10:25:59 +0200 Subject: explain why we also add attr_accessible in the model --- guides/source/getting_started.textile | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/getting_started.textile b/guides/source/getting_started.textile index 8f752524e9..c105007a1a 100644 --- a/guides/source/getting_started.textile +++ b/guides/source/getting_started.textile @@ -652,7 +652,7 @@ TIP: In development mode (which is what you're working in by default), Rails reloads your application with every browser request, so there's no need to stop and restart the web server when a change is made. -h4. Adding Some Validation +h4. Allowing the update of fields The model file, +app/models/post.rb+ is about as simple as it can get: @@ -667,6 +667,21 @@ your Rails models for free, including basic database CRUD (Create, Read, Update, Destroy) operations, data validation, as well as sophisticated search support and the ability to relate multiple models to one another. +Rails includes methods to help you secure some of your model fields. +Open the +app/models/post.rb+ file and edit it: + + +class Post < ActiveRecord::Base + attr_accessible :text, :title +end + + +This change will ensure that all changes made through HTML forms can edit the content of the text and title fields. +It will not be possible to define any other field value through forms. You can still define them by calling the `field=` method of course. +Accessible attributes and the mass assignment probem is covered in details in the "Security guide":security.html#mass-assignment + +h4. Adding Some Validation + Rails includes methods to help you validate the data that you send to models. Open the +app/models/post.rb+ file and edit it: -- cgit v1.2.3
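Review bot: The new heading in the hunk at line 652, "Allowing the update of fields", reads as the opposite of what the text added under it says. That text opens with "Rails includes methods to help you secure some of your model fields" and links to security.html#mass-assignment. Consider a heading that names the restriction, so that a reader skimming the table of contents sees this section is about limiting which fields can be set, not about enabling updates.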
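Review bot: The explanation added in the hunk at line 667 describes the effect of attr_accessible only in terms of "HTML forms" ("It will not be possible to define any other field value through forms"), although the section it links to is about mass assignment. Suggest saying that only text and title can be set through mass assignment, with a form submission as the usual source, so that readers do not conclude the restriction is tied to forms. In the same lines: "probem" should be "problem"; "is covered in details" should be "are covered in detail"; the `field=` reference uses backticks where the rest of the file uses +...+ for inline code, as in +app/models/post.rb+; and the sentence ending with the "Security guide" link has no closing period.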