ActiveModel::MassAssignmentSecurity::Error in MessagesController#create


jsh

Mar 5, 2014, 2:42:41 PM
to communi...@googlegroups.com

Hi, I am new to rails and CE.


When replying to a private msg in CE, I got the following error:


ActiveModel::MassAssignmentSecurity::Error in MessagesController#create

Can't mass-assign protected attributes: parent_id

I figured it can be fixed by overriding the message.rb in my app by doing this
----
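class Message < ActiveRecord::Base
  # Load CommunityEngine's own Message model so this file extends it
  require_from_ce('models/message')
  # Whitelist parent_id so a reply can set it through mass assignment
  attr_accessible :parent_id
end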
------

Is this a bug? Or did I miss something?

Thanks!


Bruno Bornsztein

Mar 5, 2014, 2:59:32 PM
to communi...@googlegroups.com
Hi Josh,
What version of Rails and CE are you using?

Thanks,
Bruno



jsh

Mar 5, 2014, 4:53:41 PM
to communi...@googlegroups.com
Hi Bruno,

I am using Ruby 2.0.0, Rails 3.2.17, CE master branch.

Thanks!
josh

Bruno Bornsztein

Mar 6, 2014, 10:32:19 AM
to communi...@googlegroups.com
Yeah, that looks like a bug. Can you file an issue on GitHub and/or submit a pull request with the fix? We need to make sure to update the message.rb and message_controller tests to catch this.

jsh

Mar 7, 2014, 4:52:11 PM
to communi...@googlegroups.com
I just filed a GitHub issue. I would be happy to fix message.rb and submit a pull request,
if you could give me a hint on how to set up the dev env for the CE project (vs. using CE as an engine).

Thx~

Bruno Bornsztein

Mar 10, 2014, 9:29:50 AM
to communi...@googlegroups.com
You'll just need to clone the repository and run tests. The CE repo contains a dummy app within the tests directory. You can run that app (cd into the test/testapp directory and `rails s`). You can also run the tests:

bundle exec rake db:drop db:create db:migrate
bundle exec rake test

jsh

Mar 11, 2014, 12:58:59 AM
to communi...@googlegroups.com
OK, I was able to set up the test/dev env. I ran 'bundle exec rake test' and all tests passed.

Then I ran the test app and tried sending/replying to private messages (using the credentials in fixtures/user.yml) in the browser.
However, I was unable to reproduce the bug. It seemed to be working fine.

Any idea?

Bruno Bornsztein

Mar 11, 2014, 8:48:49 AM
to communi...@googlegroups.com
Hmm... I believe we'll need to update application.rb (https://github.com/bborn/communityengine/blob/master/test/testapp/config/application.rb) and set config.active_record.mass_assignment_sanitizer

I think what's happening is that in your Rails app, mass assignment is being protected, but not in the engine (when running stand-alone), so tests are passing. Make sense?

jsh

Mar 11, 2014, 3:17:04 PM
to communi...@googlegroups.com
Yes! I have config.active_record.mass_assignment_sanitizer = :strict set in my development.rb and test.rb

I then tested the engine with config.active_record.mass_assignment_sanitizer = :strict 
It catches six mass assignment errors.
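
Added example (not from the thread and not CommunityEngine's code): a plain-Ruby model of the two Rails 3.2 sanitizer modes discussed above, showing why the stand-alone test app did not raise. When the sanitizer is left unset, Rails 3.2 uses `:logger`, which drops the protected `parent_id` and only logs a warning, while `:strict` raises. The class, method names, parameters and whitelist are constructed for illustration.

```ruby
# Plain-Ruby model of the two Rails 3.2 sanitizer modes; this is not ActiveModel.
# All names and the whitelist are constructed for illustration.
class MassAssignmentError < StandardError; end

class MessageModel
  attr_reader :attrs, :warnings

  def initialize(accessible, sanitizer)
    @accessible = accessible.map(&:to_s)
    @sanitizer  = sanitizer # :logger or :strict
    @attrs      = {}
    @warnings   = []
  end

  # Assign only whitelisted keys; handle the rest according to the sanitizer.
  def assign(params)
    rejected = params.keys.map(&:to_s) - @accessible
    unless rejected.empty?
      msg = "Can't mass-assign protected attributes: #{rejected.join(', ')}"
      raise MassAssignmentError, msg if @sanitizer == :strict
      @warnings << "WARNING: #{msg}" # :logger only records it and carries on
    end
    params.each { |k, v| @attrs[k.to_s] = v if @accessible.include?(k.to_s) }
    self
  end
end

# Constructed reply parameters and whitelist (assumed, not CE's actual list).
REPLY_PARAMS = { subject: "Re: hello", body: "Sure", parent_id: 42 }.freeze
WHITELIST    = [:subject, :body].freeze

# Returns what a controller test would observe for a reply under each mode.
def reply_outcome(sanitizer, accessible = WHITELIST)
  m = MessageModel.new(accessible, sanitizer).assign(REPLY_PARAMS)
  { parent_id: m.attrs["parent_id"], warnings: m.warnings.size, error: nil }
rescue MassAssignmentError => e
  { parent_id: nil, warnings: 0, error: e.message }
end

if __FILE__ == $PROGRAM_NAME
  p reply_outcome(:logger)                           # reply saved, parent_id lost
  p reply_outcome(:strict)                           # raises, as in the host app
  p reply_outcome(:strict, WHITELIST + [:parent_id]) # whitelist fix applied
end
```

Under `:logger` the request succeeds but the reply loses its `parent_id`, so a test that only checks for a successful response passes; asserting on the saved `parent_id`, or running the suite with `:strict`, surfaces the problem.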