Defining read-only fields in Ecto Schema

fireproofsocks · June 25, 2018, 5:28am

I have an Ecto Schema which needs to restrict certain fields from being updated (for business reasons). What is the best way to do that? I saw this old issue in git: https://github.com/elixir-ecto/ecto/issues/629 but I couldn’t get before_insert or before_update to work anywhere (a full example would have helped). Is this even possible with the current version of Ecto? How are others accomplishing this?

thanks!

NobbZ · June 25, 2018, 5:37am

The before_* hooks have been removed in the very early days.

But perhaps you can build something around validate_change/3?

validate_change(cs, :read_only_field, fun :read_only_field, _ -> [read_only_field: "not allowed to change"] end)

fireproofsocks · June 25, 2018, 5:50am

That’s a good idea. Won’t the validate_change field raise an exception (error?) if a read-only field is submitted? For educational purposes, how could this be accomplished in a way that would let a user submit read-only fields, but the app would quietly omit them from the changeset?

NobbZ · June 25, 2018, 5:57am

No, it will invalidate the Changesset and append to the error list.

Don’t do this. Tell the user that (s)he is wrong, do not simply alter his/her provided data, (s)he will complain. But it should be possible as well, but you’ll need to do some extra work, as ecto isn’t build for that.

kwando · June 25, 2018, 7:04am

Just remove the “read only” fields from your Ecto.Changeset.cast or Ecto.Changeset.change function.

fireproofsocks · June 25, 2018, 4:05pm

Hmm… this is a bit trickier than I thought since I need this to occur only on UPDATES. By defining fields using validate_change() it looks like both inserts and updates get checked. When I inspect the changeset variable, it doesn’t seem to know what action is being taken until AFTER the database gets hit.

Ankhers · June 25, 2018, 4:13pm

This is a perfect scenario for two changeset functions!

def changeset(struct, params) do
  struct
  |> cast(params, list_of_all_fields())
  |> validation_one()
  |> validation_two()
end

def update_changeset(struct, params) do
  struct
  |> cast(params, list_of_updateable_fields())
  |> validation_three()
  |> validation_four()
end

Never feel like you have to pack everything into a single changeset function. You can always create as many as you need for a given module.

fireproofsocks · June 25, 2018, 4:21pm

Ah, that makes sense, thank you! I didn’t think of that. Great, so this works like I need it to now: the data comes in and I store it, but now only certain fields are editable.