Mass-assignment notification with whiltelist_attributes set to true

I just wanted to get everyone’s opinion on this before attempting a pull
request.

When mass-assignment is disallowed by default with

config.active_record.whitelist_attributes = true

Two things happen

1. A message is logged “WARNING: Can’t mass-assign protected attributes:
   blah” (which is the case even if whitelist_attributes is not set to true
2. Mass assignment is not allowed without explicite declaration but
   there
   is no error, the same application fails to save/update a model that
   produces some other error which isn’t easily apparent as to why it
   happened

I found it useful for my development to make 2 changes

1. Update log message to be more explicit such as “WARNING: Can’t
   mass-assign in SomeModel protected attributes: blah”
2. Thrown an exception - this would only make sense if
   whitelist_attributes
   is set to true

Any opinion if this would be a good suggestion for the rails feature
request, specifically #2?

Thanks

On Jan 7, 5:43pm, Ilya K. [email protected] wrote:

I found it useful for my development to make 2 changes

1. Update log message to be more explicit such as “WARNING: Can’t
   mass-assign in SomeModel protected attributes: blah”
2. Thrown an exception - this would only make sense if whitelist_attributes
   is set to true

Any opinion if this would be a good suggestion for the rails feature
request, specifically #2?

#2 already exists:

config.active_record.mass_assignment_sanitizer = :strict

will turn on exception raising. A better error message wouldn’t hurt
though

Fred

Thanks Fred

Looks like strict sanitizer option is only available in 3.2 (I’m on 3.1
for
now).