All geek questions in one place

Rails atttr_accesible does not work as documented

In rails 3.2.1 I have a model:

class Player < ActiveRecord::Base attr_accessor :password attr_accessible :email, :password attr_accessible :email, :password, :confirmed, :as => :admin end

I keep getting ActiveModel::MassAssignmentSecurity::Error for the following:

 params[:player] #=> {:email => " some@email.com ", :password => "12345", :confirmed => true) player = Player.new(params[:player])

Why does this happen when all I want to do is ignore the :confirmed attribute and continue the business with it. The documentation makes me seem like I should do this, but I keep getting this exception, and it really works for me, because either I'm doing it wrong or the documents are wrong.

I would really like to help with this.

0
source share
2 answers

Comment this line in development.rb :

config.active_record.mass_assignment_sanitizer = :strict

A strict setting will cause an error, and the default setting will only log a warning.

+2
source

You can customize what you want when bulk assignment happens by setting Player.mass_assignment_sanitizer (or set it to ActiveRecord::Base so that it applies to all AR models)

You can also install it in your configuration files via config.active_record.mass_assignment_sanitizer

In our field, you can set it as :logger , which simply logs when these events occur, or :strict , which throws exceptions. You can also provide your own disinfectant. The current application template installs it strictly, although it is not.

+3
source

Source: https://habr.com/ru/post/1401882/

More articles:


All Articles