similar to: Can't mass-assign protected attributes even if I use attr_accessible

Please refer to the ActiveModel MassAssignmentSecurity api<http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html>for this. I''m on Rails3.2.3/Ruby1.9.3 and trying to use that technique in the controller as described. It is supposed to dynamically restrict the attributes that can be mass assigned. However, sanitize_for_mass_assignment is ignoring

I need to add some mass assignment protection (ala ActiveModel::MassAssignmentSecurity) but I can''t find how to do it contextually. For example, in one controller action I want to to whitelist attributes x, y and z and in another I want to whitelist attribs y and z. How can I do that? The attr_accessible function has a class-wide scope, whether in a model or in a controller. But I would

Is there a way to tell Rails to ignore attr_accessible when seeding the database and to allow mass assignment with create or new? I know how to skip validations but do not find anything on mass assignment... -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes ''default-open'' - if any properties are missed or added later, they will be accessible by

Hi, What''s the difference between attr_accessor and attr_accessible? Is attr_accessor to create a virtual variable/object and attr_accessible makes it accessible? Do you need attr_accessible if you already have attr_accessor? Thanks! -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails:

I''m going though the paper back edition of agile development with Rails. On page #128 I encountered following lines of code: attr_accessor :password attr_accessible :name,:password What''s the difference between attr_accessor and attr_accessible? -=- Neeraj _______________________________________________ Rails mailing list

Hi, I would like to protect all the attributes of one of my model. This ticket talks about this issue: http://dev.rubyonrails.org/ticket/9631 , and a patch to the documentation was submitted: http://dev.rubyonrails.org/changeset/8032 , which actually states that defining :attr_accessible alone, means all attributes are protected. However when I look at the rails API page for attr_accessible, I

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

i''m still new to rails and working on digesting everything i come across. recently i came across these two. what is the difference between attr_accessor and attr_accessible? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I''m working on an app which has a :featured_at in Users and Groups tables. The attribute enables a site admin to set records to a :featured_at datetime. There''s named spaced admin controllers for the Users and Groups. The problem is, to set the :featured_at in the admin controllers for users and groups, the attribute had to be exposed under attr_accessible in User.rb and

Please guide me how to use those two methods. I can''t differentiate them. I was doing something on my model and I have put one field in the attr_accessible method. After that when I try to run the app the app always says my other fields are blank, but they''re all filled up. What''s wrong with it? Thanks --~--~---------~--~----~------------~-------~--~----~ You received

I''ve been puzzling over how to test that attr_accessible has been set for the correct columns; but the tests I''ve come up with so far seem to fail to fail when I expect. I came across this old message from this list: http://www.mail-archive.com/rspec-users at rubyforge.org/msg01570.html Which seemed like a plausible example, but my attempt (modeled on the example)

Hello everybody I have a problem with my inquireis, when I want to contact and I send the message, I must receive two emails one of confirmation (client) and other of notification (admin of the web page) but it does not send. The webpage work in production environment. When I watch the log (production.log) I seed this: > > There was an error delivering an inquiry confirmation: > 503

Is anyone out there writing specs to check attr_accessible fields? I had originally written my spec to check for allowing the desired fields, and then none of the other regular db fields. Unfortunately this isn''t satisfactory, because attr_protected could have been used instead, which of course wouldn''t prevent mass assignment to any whatever=(val) method. I''m thinking

Hi all, I want to implement tagging for my resources, but I found lots "acts_as_taggable" available: "acts_as_tabble", "acts_as_taggable_on", "acts_as_taggable_on_steroid", etc. Some of them are not in active development, and I do not know which one is more popular. So, any suggestions? Thanks in advance! Difei. -- Posted via http://www.ruby-forum.com/.

Hi, I''m trying to understand this error: WARNING: Can''t mass-assign these protected attributes: active I had this error before when creating a record.I did not mark the attibutes posted from the form as attr_accessible, so when the following line tries to execute it throwed an Warning in the log, and the record was not saved. @user = User.new(params[:user]) I find out that I

I am doing controller testing, and I can''t seem to get the create method test to pass when friendly_id is added to the mix. If I comment it out of the model, the tests all pass perfectly. The moment I add it back in, the error looks like this: 1) Error: test_create_valid(BrandsControllerTest): FriendlyId::BlankError: FriendlyId::BlankError

Rails 2.3.5 I am working on a nested form that assigns roles to users through a table called clearances. I have attr_acessable turned off globally in an initializer: ActiveRecord::Base.send(:attr_accessible, nil) I have this set in clearance.rb attr_accessible(:description, :effective_from, :role_id, :superceded_after, :user_id) And this is what params looks like after the

I have 2 models Timesheet and TimeEntry: class Timesheet < ActiveRecord::Base attr_accessible :status, :user_id, :time_entries_attributes has_many :time_entries, dependent: :destroy accepts_nested_attributes_for :time_entries, :reject_if => proc { |attributes| attributes[''worktime''].blank? } end class TimeEntry < ActiveRecord::Base attr_accessible :task_id,

When I make a new post in my blog, it returns this when I try to view my current posts: --------------------------------------------------------------------------- ActiveModel::MassAssignmentSecurity::Error in PostsController#create Can''t mass-assign protected attributes: text Rails.root: C:/Users/Josh Koloff/Desktop/Programming Stuff/Rails Stuff/blog Application Trace | Framework