1

假设以下情况

class User < ActiveRecord::Base
  private
  def password= p
    self[:password] = p
  end

  def password
    self[:password]
  end
end

如果任何有权访问 Rails 控制台的人都可以执行以下操作:

Loading development environment (Rails 4.0.0)
2.0.0p247 :001 > User
 => User(id: integer, name:string, password:string)
2.0.0p247 :002 > u = User.find(1)
 => #<User id: 1, name: "Jack", password: "da6c253ffe0975ca1ddd92865ff3d5f0">
2.0.0p247 :003 > u.password = "123"
NoMethodError: private method 'password' called for #<User:0xa9145b0>
2.0.0p247 :004 > u[:password] = "123"
 => "123"
2.0.0p247 :005 > u
 => #<User id: 1, name: "Jack", password: "123">
2.0.0p247 :005 > u.save
 => true

为什么会这样?如何封装关键字段?

4

1 回答 1

0

我猜这passwordattr_accessible模型中。当一个字段是attr_accessible时,Rails 会自动让您读取和写入该字段。您有一个覆盖 Railspasswordpassword=方法的私有密码方法,但您也没有覆盖[][]=方法。您可以覆盖[]and[]=方法或将其设置password为 not attr_accessible

以下是如何覆盖该[]方法的代码示例:

class User < ActiveRecord::Base
  def [](word)
    puts "I am the master of: #{word}"
  end

  def []=(key, value)
    puts "Fluffy monsters"
  end
end

使用此修改后的代码,该[]方法将返回以下内容:

>> u[:password] = "123"
=> nil
# prints "Fluffy monsters" in the console

>> u[:password]
=> nil
# prints "I am the master of: password" in the console
于 2013-08-02T19:00:16.220 回答