You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Man Vuong edited this page Dec 22, 2013
·
6 revisions
Only visible fields are editable in RailsAdmin. Others will get caught and sanitized.
Basically you don't need to protect your attributes in RailsAdmin.
However, :attr_accessible and :attr_protected are taken into account: restricted fields are not editable (read_only).
If you whitelist attributes, don't forget to whitelist accessible associations' 'id' methods as well : division_id, player_ids, commentable_type, commentable_id, etc.
:attr_accessible specifies a list of accessible methods for mass-assignment in your ActiveModel models.