1. Mass assignment doesn't care if the attributes are genreated by ActiveRecord, defined using attr-accessor, or implemented explicitly. It just doesn't allow some attributes to be mass assigned, so if the :secret is protected then user.attributes = {:secret => ...} user.update_attributes(:secret => ...) User.create(:secret => ...) won't work, but user.secret = ... will work always for protected & for not-protected attributes.
attr_accesseble & attr_protected can be used interchangeably, just use the one you like more, eg when User has 3 attributes: name, age & salary, then: attr_accessible :name, :age is the same as attr_protected :salary In both case name & age will be accessible and salary will be protected. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---