rails中模型属性的保护级别
假设有以下情况
class User < ActiveRecord::Base private def password= p self[:password] = p end def password self[:password] end end 如果有权访问Rails控制台的任何人都可以:
Loading development environment (Rails 4.0.0) 2.0.0p247 :001 > User => User(id: integer, name:string, password:string) 2.0.0p247 :002 > u = User.find(1) => # 2.0.0p247 :003 > u.password = "123" NoMethodError: private method 'password' called for # 2.0.0p247 :004 > u[:password] = "123" => "123" 2.0.0p247 :005 > u => # 2.0.0p247 :005 > u.save => true
为什么会这样? 如何封装关键字段?
我猜测password在模型中是attr_accessible 。 当字段为attr_accessible ,Rails会自动让您读取和写入字段。 您有一个专用密码方法覆盖Rails password和password=方法,但您也没有覆盖[]和[]=方法。 您可以覆盖[]和[]=方法,也可以使password不是attr_accessible 。
以下是如何覆盖[]方法的代码示例:
class User < ActiveRecord::Base def [](word) puts "I am the master of: #{word}" end def []=(key, value) puts "Fluffy monsters" end end
使用此修订代码,以下是[]方法将返回的内容:
>> u[:password] = "123" => nil # prints "Fluffy monsters" in the console >> u[:password] => nil # prints "I am the master of: password" in the console