I just wanted to get everyone's opinion on this before attempting a pull
request.

When mass-assignment is disallowed by default with

config.active_record.whitelist_attributes = true

Two things happen

1. A message is logged "WARNING: Can't mass-assign protected attributes:
blah" (which is the case even if whitelist_attributes is not set to true)
2. Mass assignment is not allowed without explicit declaration but there
is no error, the same application fails to save/update a model that
produces some other error which isn't easily apparent as to why it happened

I found it useful for my development to make 2 changes

1. Update log message to be more explicit such as "WARNING: Can't
mass-assign *in SomeModel* protected attributes: blah"
2. Throw an exception - this would only make sense if whitelist_attributes
is set to true

Any opinion if this would be a good suggestion for the rails feature
request, specifically #2?

Thanks

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/HrpdVBd65KkJ.
For more options, visit https://groups.google.com/groups/opt_out.


  • Frederick Cheung at Jan 7, 2013 at 10:12 pm

    On Jan 7, 5:43 pm, Ilya Katz wrote:

    > I found it useful for my development to make 2 changes
    >
    > 1. Update log message to be more explicit such as "WARNING: Can't
    > mass-assign *in SomeModel* protected attributes: blah"
    > 2. Throw an exception - this would only make sense if whitelist_attributes
    > is set to true
    >
    > Any opinion if this would be a good suggestion for the rails feature
    > request, specifically #2?

    #2 already exists:

    config.active_record.mass_assignment_sanitizer = :strict

    will turn on exception raising. A better error message wouldn't hurt
    though.

    Fred
  • Ilya Katz at Jan 8, 2013 at 2:49 pm
    Thanks Fred

    Looks like strict sanitizer option is only available in 3.2 (I'm on 3.1 for
    now).
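
A self-contained model of the behaviour discussed in this thread, added as an example; it is not Rails source and not code from either poster. `ToyModel`, `ProtectedAttributeError`, `demo` and the sample parameters are hypothetical. It contrasts silently dropping a non-whitelisted attribute (warning only) with raising an exception, which is what the `:strict` sanitizer setting mentioned above turns on, and it puts the model name in the message as the first post suggests.

```ruby
require "logger"
require "stringio"

# Simplified stand-in for Rails' mass-assignment sanitizers; not Rails source.
class ProtectedAttributeError < StandardError; end # hypothetical name

class ToyModel
  class << self
    attr_accessor :sanitizer, :log # sanitizer is :logger (drop + warn) or :strict (raise)

    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end

    def accessible
      @accessible || []
    end
  end

  attr_reader :attributes

  def initialize(params = {})
    @attributes = {}
    rejected = params.keys.map(&:to_s) - self.class.accessible
    unless rejected.empty?
      # The message names the model, as suggested in the first post.
      msg = "Can't mass-assign in #{self.class.name} protected attributes: #{rejected.join(', ')}"
      raise ProtectedAttributeError, msg if self.class.sanitizer == :strict
      self.class.log.warn("WARNING: #{msg}")
    end
    params.each { |k, v| @attributes[k.to_s] = v unless rejected.include?(k.to_s) }
  end
end

class User < ToyModel
  attr_accessible :name # whitelist: only :name may be mass-assigned
end

# Constructed request parameters: "admin" is not whitelisted.
PARAMS = { "name" => "alice", "admin" => true }

# Returns [attributes, log text] in :logger mode, [nil, error message] in :strict mode.
def demo(mode)
  out = StringIO.new
  User.sanitizer = mode
  User.log = Logger.new(out)
  [User.new(PARAMS).attributes, out.string]
rescue ProtectedAttributeError => e
  [nil, e.message]
end
```

In `:logger` mode the record is built without `admin` and the only trace is a log line; in `:strict` mode the same input fails immediately at the assignment.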
