Mass-assignment notification with whiltelist_attributes set to true

I just wanted to get everyone’s opinion on this before attempting a pull
request.

When mass-assignment is disallowed by default with

config.active_record.whitelist_attributes = true

Two things happen

  1. A message is logged “WARNING: Can’t mass-assign protected attributes:
    blah” (which is the case even if whitelist_attributes is not set to true
  2. Mass assignment is not allowed without explicite declaration but
    there
    is no error, the same application fails to save/update a model that
    produces some other error which isn’t easily apparent as to why it
    happened

I found it useful for my development to make 2 changes

  1. Update log message to be more explicit such as “WARNING: Can’t
    mass-assign in SomeModel protected attributes: blah”
  2. Thrown an exception - this would only make sense if
    whitelist_attributes
    is set to true

Any opinion if this would be a good suggestion for the rails feature
request, specifically #2?

Thanks

On Jan 7, 5:43pm, Ilya K. [email protected] wrote:

I found it useful for my development to make 2 changes

  1. Update log message to be more explicit such as “WARNING: Can’t
    mass-assign in SomeModel protected attributes: blah”
  2. Thrown an exception - this would only make sense if whitelist_attributes
    is set to true

Any opinion if this would be a good suggestion for the rails feature
request, specifically #2?

#2 already exists:

config.active_record.mass_assignment_sanitizer = :strict

will turn on exception raising. A better error message wouldn’t hurt
though

Fred

Thanks Fred

Looks like strict sanitizer option is only available in 3.2 (I’m on 3.1
for
now).

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs