Forum: Ruby on Rails Mass-assignment notification with whiltelist_attributes set to true

I just wanted to get everyone's opinion on this before attempting a pull
request.

When mass-assignment is disallowed by default with

config.active_record.whitelist_attributes = true

Two things happen

1. A message is logged "WARNING: Can't mass-assign protected attributes:
blah" (which is the case even if whitelist_attributes is not set to true
2. Mass assignment is not allowed without explicite declaration but 
there
is no error, the same application fails to save/update a model that
produces some other error which isn't easily apparent as to why it 
happened

I found it useful for my development to make 2 changes

1. Update log message to be more explicit such as  "WARNING: Can't
mass-assign *in SomeModel* protected attributes: blah"
2. Thrown an exception - this would only make sense if 
whitelist_attributes
is set to true

Any opinion if this would be a good suggestion for the rails feature
request, specifically #2?

Thanks

On Jan 7, 5:43pm, Ilya Katz <ilyak...@gmail.com> wrote:

> I found it useful for my development to make 2 changes
>
> 1. Update log message to be more explicit such as "WARNING: Can't
> mass-assign *in SomeModel* protected attributes: blah"
> 2. Thrown an exception - this would only make sense if whitelist_attributes
> is set to true
>
> Any opinion if this would be a good suggestion for the rails feature
> request, specifically #2?
>

#2  already exists:

config.active_record.mass_assignment_sanitizer = :strict

will turn on exception raising. A better error message wouldn't hurt
though

Fred

Thanks Fred

Looks like strict sanitizer option is only available in 3.2 (I'm on 3.1 
for
now).