Re: Mass-assignment notification with whitelist_attributes set to true


Frederick Cheung

Jan 7, 2013, 5:11:53 PM
to Ruby on Rails: Talk


On Jan 7, 5:43 pm, Ilya Katz <ilyak...@gmail.com> wrote:

> I found it useful for my development to make 2 changes
>
> 1. Update log message to be more explicit such as  "WARNING: Can't
> mass-assign *in SomeModel* protected attributes: blah"
> 2. Throw an exception - this would only make sense if whitelist_attributes
> is set to true
>
> Any opinion if this would be a good suggestion for the rails feature
> request, specifically #2?
>

#2 already exists:

config.active_record.mass_assignment_sanitizer = :strict

will turn on exception raising. A better error message wouldn't hurt
though.

Fred
> Thanks

Ilya Katz

Jan 8, 2013, 9:49:44 AM
to rubyonra...@googlegroups.com
Thanks Fred

Looks like strict sanitizer option is only available in 3.2 (I'm on 3.1 for now).

On Monday, January 7, 2013 11:43:13 AM UTC-5, Ilya Katz wrote:
I just wanted to get everyone's opinion on this before attempting a pull request. 

When mass-assignment is disallowed by default with

config.active_record.whitelist_attributes = true

Two things happen

1. A message is logged "WARNING: Can't mass-assign protected attributes: blah" (which is the case even if whitelist_attributes is not set to true)
2. Mass assignment is not allowed without explicit declaration but there is no error; the same application fails to save/update a model that produces some other error which isn't easily apparent as to why it happened

I found it useful for my development to make 2 changes

1. Update log message to be more explicit such as  "WARNING: Can't mass-assign in SomeModel protected attributes: blah"
2. Throw an exception - this would only make sense if whitelist_attributes is set to true

Any opinion if this would be a good suggestion for the rails feature request, specifically #2?

Thanks
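
Added illustration, not part of the thread and not Rails code: a plain-Ruby model of the two behaviours discussed above, where a rejected attribute is either dropped with only a log warning or raises immediately. The class names, the `Account` model and the sample params are assumptions, and the strict message uses the wording proposed in the thread rather than Rails' own text.

```ruby
# Plain-Ruby model of logger-style vs strict sanitizing (hypothetical names).
class MassAssignmentError < StandardError; end

class LoggerSanitizer
  attr_reader :warnings
  def initialize; @warnings = []; end
  # Drops non-whitelisted keys and only records a warning.
  def sanitize(_model, attrs, allowed)
    rejected = attrs.keys - allowed
    @warnings << "WARNING: Can't mass-assign protected attributes: #{rejected.join(', ')}" unless rejected.empty?
    attrs.reject { |key, _| rejected.include?(key) }
  end
end

class StrictSanitizer
  # Raises, naming the model, instead of silently dropping keys.
  def sanitize(model, attrs, allowed)
    rejected = attrs.keys - allowed
    return attrs if rejected.empty?
    raise MassAssignmentError, "Can't mass-assign in #{model} protected attributes: #{rejected.join(', ')}"
  end
end

class Account
  ALLOWED = [:name].freeze # whitelist: nothing else may be mass-assigned
  attr_reader :name, :email, :errors
  def initialize(attrs, sanitizer)
    clean = sanitizer.sanitize(self.class.name, attrs, ALLOWED)
    @name, @email, @errors = clean[:name], clean[:email], []
  end
  # In logger mode this validation failure is the only symptom the caller sees.
  def save
    @errors << "Email can't be blank" if @email.nil?
    @errors.empty?
  end
end

PARAMS = { name: "ilya", email: "user@example.test" }.freeze # constructed input

def logger_mode_result
  sanitizer = LoggerSanitizer.new
  account = Account.new(PARAMS, sanitizer)
  [account.save, account.errors, sanitizer.warnings]
end

def strict_mode_result
  Account.new(PARAMS, StrictSanitizer.new) && :no_error
rescue MassAssignmentError => e
  e.message
end
```

In logger mode the save fails with an unrelated-looking validation error while the real cause sits in the log; in strict mode the same params fail at assignment with the model and attribute named.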