#2388 feature patch: config.active_record.raise_on_illegal_mass_assignment option - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#2388 ✓wontfix

feature patch: config.active_record.raise_on_illegal_mass_assignment option

Reported by azimux | April 1st, 2009 @ 03:15 AM | in 2.x

attr_accessor/attr_protected make it so that values that shouldn't be mass assigned but are present in the passed in hash are ignored. I'd like to have an option to have an exception/error raised in these situation instead of just having it ignored.

The attatched patch allows one to put


config.active_record.raise_on_illegal_mass_assignment = true

into the initializer block of environment.rb and then instead of ignoring bad keys in the hash sent to attributes=/new/create/update_attributes and friends, an IllegalMassAssignmentError will be raised.

Some thoughts: What might be cooler would be to have attr_protected! and attr_accessible! singleton methods on ActiveRecord::Base so that the behavior can be selected at the attribute instead of application level. This would require a slightly more complicated solution since 2 sets of protected/accessible attributes has to be maintained and processed in remove_attributes_protected_from_mass_assignment().

0001-Added-a-config.active_record.raise_on_illegal_mass_a.patch 2.1 KB

Comments and changes to this ticket

Pratik May 17th, 2009 @ 07:48 PM
- Assigned user set to “Jeremy Kemper”
- State changed from “new” to “wontfix”
We've had this feature before, but it has since been reverted. I think it's probably a better fit for a plugin. Assigning to Jeremy as he may have more to add.
You flagged this item as spam.
Paul Alexander February 23rd, 2011 @ 10:05 PM
- Importance changed from “” to “”
Plugin available at https://rubygems.org/gems/whiny-mass-assignment
You flagged this item as spam.
klkk May 23rd, 2011 @ 03:00 AM
www.louisvuittonwarehouse.com

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

People watching this ticket

Attachments

0001-Added-a-config.active_... 2.1 KB

Referenced by

1423 Optional Exception on Mass-assignment of Protected Attributes #2388 has a patch implementing this

Rails Ruby on Rails → 2.x