Rails - How to secure foreign keys and still allow association selection
Posted by Bryce on Stack Overflow
Published on 2012-09-15T03:34:01Z
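For simplicity, assume that I have a simple has-many-through relationship:

    class User < ActiveRecord::Base
      # The join association must exist for :through to resolve
      has_many :registrations
      has_many :courses, :through => :registrations
    end

    class Registration < ActiveRecord::Base
      belongs_to :user
      belongs_to :course
    end

    class Course < ActiveRecord::Base
      # The join association must exist for :through to resolve
      has_many :registrations
      has_many :users, :through => :registrations
    end
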
I want to keep my app secure, so I use attr_accessible to whitelist my attributes.
My question is twofold:

1. How would I set up my whitelist attributes such that I could create a new Registration object through a form (passing in :user and :course), but not risk allowing those foreign keys to be maliciously updated later?
2. How would I set up my validations such that both belongs_to associations are required BUT also allow for Registration objects to be created in nested forms?
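
One way to model the first part of the question, as an added example that is not part of the original post: a plain-Ruby sketch (no Rails) in which the foreign keys can be assigned from form parameters only at creation and are rejected on later updates, with both associations required before saving. The class layout, the `note` attribute and `MassAssignmentError` are assumptions made for illustration.

```ruby
# Plain-Ruby sketch, no Rails: separate allowlists for create and update.
# All names here are hypothetical; `note` is a constructed extra attribute.
class MassAssignmentError < StandardError; end

class Registration
  CREATE_ATTRS = %w[user_id course_id note].freeze # foreign keys allowed once
  UPDATE_ATTRS = %w[note].freeze                   # never the foreign keys

  attr_reader :user_id, :course_id, :note, :errors

  def initialize(params = {})
    @persisted = false
    @errors = []
    assign(params, CREATE_ATTRS)
  end

  # Stand-in for saving: both associations are required.
  # Returns true when the record is valid, false otherwise.
  def save
    @errors = []
    @errors << "user is required" if @user_id.nil?
    @errors << "course is required" if @course_id.nil?
    @persisted = @errors.empty?
  end

  # After creation only UPDATE_ATTRS may come from request parameters.
  def update(params)
    raise "record has not been saved" unless @persisted
    assign(params, UPDATE_ATTRS)
    self
  end

  private

  # Copy only allowlisted keys. Anything else raises, so a tampered form
  # is visible in logs instead of being silently dropped.
  def assign(params, allowed)
    params.each do |key, value|
      key = key.to_s
      unless allowed.include?(key)
        raise MassAssignmentError, "#{key} is not assignable here"
      end
      instance_variable_set("@#{key}", value)
    end
  end
end
```
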
© Stack Overflow or respective owner