I’m adding stuff to params[:record] but ActiveScaffold doesn’t use it. Why?
ActiveScaffold doesn’t just apply the whole params[:record] hash. Instead, it whitelists fields it expects from the form. Which is to say, if ActiveScaffold didn’t know that role_id was supposed to be on the form, it will ignore the params[:record][:role_id] entry. If it didn’t work this way, then URL hackers could submit extra data and do all kinds of fun things including privilege escalation. If you need to apply your own data to the record before its gets saved, what you should do instead is define before_create_save(record) or before_update_save(record) on your controller. ActiveScaffold will check for these methods and pass them the record object so you can do common things like attach the current user as the record’s owner.
Related Questions
- I’m interested in joining a biking trip, but my significant other, or friend doesn’t enjoy bike touring for long hours each day. Can he/she still join the group and ride or not ride?
- I’m concerned about the permanence of the foreclosure sale I’m contemplating. Doesn’t the former owner have the right to buy the house back within a year?
- I’m adding stuff to params[:record] but ActiveScaffold doesn’t use it. Why?
