Ruby on Rails

On Jun 27, 5:37 pm, Peter Bell <pe...@pbell.com> wrote:
> A User has many teachers. I'm trying to lock down my API. I have a "user.add_teacher teacher" method and want to make that the *only* way to "user.teachers << teacher". Any way to lock down the teachers association so it is read only from outside the user class and only settable within self?
>
> I'm not just looking for attr_protected to avoid mass assignment. I'm specifically looking to ensure that nobody on the team will write "user.teachers << teacher" and bypass all of the additional business logic in the add_teacher method. I know I can do a "find within project" for "teachers <<" but don't want to remember to have to do that.
>
> I know my specs should catch anything that's amiss, and I'm not sure whether this is an idiomatic approach in Ruby/Rails but I'd appreciate any thoughts/suggestions.
>

could you overwrite << in your association proxy ie

class User
has_many :teachers do
def <<(*args)
raise "don't use me!"
end
end
end

?

There are lots of other ways users can add teachers though, eg
user.teachers.build, Teacher.new(:user_id => some_user.id) etc so I
don't thing you can make this completely watertight.

Fred
> Thanks,
> Peter

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.