Two ways come to mind:
- Insert the required behavior into your model's before_save, before_create and after_initialize callbacks.
- Manually modify your attribute accessors for the attributes in question to do the magic for you.
We'll use the following contrived Model as our example:
class Gogga < ActiveRecord::Base
end
CREATE TABLE `foo`.`goggas` (
`id` int(11) NOT NULL auto_increment,
`secret` varchar(255) default NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1
A Gogga has an id and a secret field. Let's pretend we need to keep Gogga.secret encrypted (using the super secret ROT13 algorithm) in our db and we would like the fact that it is encrypted to be transparent to our rails app. We need to therefore handle en/decryption of the secret data transparently from the rest of the app within the model.
Callbacks
The before_save, before_create and after_initialize callbacks are well documented in the Callbacks API documentation.
The strategy behind using the callbacks is to simply insert the behavior we want at the relevant stage of the object's life cycle. Here's one way to accomplish this using the mentioned callbacks:
class Gogga < ActiveRecord::Base
def before_save
self.secret = rot13(self.secret)
end
def before_create
self.secret = rot13(self.secret)
end
def after_initialize
self.secret = rot13(self.secret)
end
protected
def rot13(corpus)
return corpus.tr!("A-Za-z", "N-ZA-Mn-za-m")
end
end
If everything works as advertised our secret attribute should now be encoded when you call create or save on its model and decoded when you call a new on its model. The major drawback of this strategy is that if you are manipulating a large list of Goggas you will be post/pre-processing each of those instances.
The Lazy Way
An alternative would be to override the default behavior of the model to auto-generate attribute accessors via method_missing in the mystical black guts of ActiveRecord::Base. There's some info on this in the API docs as well in the Overwriting default accessors section.
This would look something like this:
class Gogga < ActiveRecord::Base
def secret
return rot13(read_attribute("secret"))
end
def secret=(value)
write_attribute("secret", rot13(value))
end
protected
def rot13(corpus)
return corpus.tr!("A-Za-z", "N-ZA-Mn-za-m")
end
end
This technique has the advantage that you never really mess with the internals of the model (as the view you have of it from outside is tinted by the accessor transformations) and of course work only gets done when you need to read/write the specific attribute.
Now, when you have one or two attributes that need to be protected writing out two accessors for each is not the end of the world. However, when you have several things become messy, tedious and downright boring.
Maybe we can look at some meta-magic to DRY things up a bit in another article.