Rails - How to secure foreign keys and still allow association selection

Posted by Bryce on Stack Overflow
Published on 2012-09-15T03:34:01Z Indexed on 2012/09/15 3:37 UTC

For simplicity, assume that I have a simple has-many-through relationship:

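class User < ActiveRecord::Base
  # The join association must be declared for :through to resolve
  has_many :registrations
  has_many :courses, :through => :registrations
end

# Join model holding the user_id and course_id foreign keys
class Registration < ActiveRecord::Base
  belongs_to :user
  belongs_to :course
end

class Course < ActiveRecord::Base
  # The join association must be declared for :through to resolve
  has_many :registrations
  has_many :users, :through => :registrations
end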

I want to keep my app secure, so I use attr_accessible to whitelist my attributes.

My question is twofold:

  1. How would I set up my whitelist attributes such that I could create a new Registration object through a form (passing in :user and :course), but not risk allowing those foreign keys to be maliciously updated later?

  2. How would I set up my validations such that both belongs_to associations are required BUT also allow for Registration objects to be created in nested forms?
