attr_accessible with many roles
I recently ran into an interesting issue with attr_accessible due to overlooking certain configurations I made in my application.
The symptom was that when I would add attr_accessible to one of my models, suddenly all of the attributes would be inaccessible.
The problem stems from the fact that I had configured mass_assignment_role (used by attr_accessible) to resolve to :admin automatically if I was logged in as an administrator.
class ActiveRecord::Base def mass_assignment_role role = mass_assignment_options[:as] || (Authorization.current_user.role_symbols.include?(:admin) ? :admin : :default) end end
The problem is that by defining attr_accessible for the :default role it automatically locks down all attributes for any other role.
The solution was to simple remember to define the accessibility for both roles whenever defining attr_accessible:
class MyModel < ActiveRecord::Base @@accessible_attributes = %(attr1 attr2 attr3) attr_accessible *@@accessible_attributes attr_accessible *@@accessible_attributes, as: :admin end