Upgrading Rails 3.2 to Rails 4 and Params
I am upgrading a project from Rails 3 to Rails 4 using a tutorial: RailsCasts
I have a model:

    class Test < ActiveRecord::Base
      validates :content, :presence => true, :length => { :minimum => 2 }
      validates :name, :presence => true, :length => { :minimum => 2 }
      validates :value, :presence => true
    end

After upgrading, in the Rails console I tried to create a new Test object:

    Test.create(name: "asd", content: "asd", value: 5)

and got:

    warning: can't mass-assign protected attributes achievement: name, content, value
    (0.2ms) begin
    (0.2ms) rollback
    => #<Test id: nil, name: nil, content: nil, value: nil, created_at: nil, updated_at: nil>

It looks like I forgot to upgrade something. I tried to re-create the Rails application, overriding config and other Rails files, but nothing changed.
I created a new empty project and copied the model files. It is working OK.
If I add

    config.active_record.whitelist_attributes = false

to config/application.rb, the upgraded project works fine. But that's not normal, because in an empty Rails 4 project this line is deleted.
What did I forget to upgrade, or what must I do, to make the upgraded project work like an empty newly created Rails 4 project, without config.activerecord ...?
UPD:

    raw_params = {:name => "asdasd", :content=>"asdasdasd", :value=>5}
    => {:name=>"asdasd", :content=>"asdasdasd", :value=>5}
    2.0.0dev :002 > params = ActionController::Parameters.new(raw_params)
    => {"name"=>"asdasd", "content"=>"asdasdasd", "value"=>5}
    2.0.0dev :003 > test = Test.create(params.permit(:name, :value, :content))
    warning: can't mass-assign protected attributes achievement: name, value, content
    (0.2ms) begin
    (0.2ms) rollback
    => #<Test id: nil, name: nil, content: nil, value: nil, created_at: nil, updated_at: nil>

In Rails 4, attr_accessible is no longer used for mass-assignment checking. Mass assignment refers to the practice of creating or updating a model object by passing a hash of values. When doing mass assignment in Rails 4, you have to specify which parameters are allowed and which ones are not. This is due to security reasons.
Take a look at the strong_parameters repository; it contains a brief explanation of how mass-assignment security works in Rails 4. Look at the use outside of controllers.
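
A simplified, stand-alone Ruby model of the allowlist check described in the answer above, added here as an illustration (it is not code from the post, from Rails, or from the strong_parameters repository). `SketchParams`, `SketchModel` and `ForbiddenAttributesError` are hypothetical stand-ins for `ActionController::Parameters`, a model and the Rails error class, and the request hash is constructed.

```ruby
# Simplified stand-in for the Rails 4 check; hypothetical names, not Rails source.
class ForbiddenAttributesError < StandardError; end

# Plays the role of ActionController::Parameters: untrusted until #permit is called.
class SketchParams
  def initialize(hash, permitted = false)
    @hash = hash.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    @permitted = permitted
  end

  def permitted?; @permitted; end
  def to_h; @hash.dup; end

  # Returns a new, permitted copy holding only the allowlisted keys.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    SketchParams.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end
end

# Plays the role of a model: refuses mass assignment from unpermitted params.
class SketchModel
  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = {}
    # Plain hashes (console use) pass; parameter objects must be permitted.
    if attrs.respond_to?(:permitted?)
      raise ForbiddenAttributesError unless attrs.permitted?
      attrs = attrs.to_h
    end
    attrs.each { |k, v| @attributes[k.to_s] = v }
  end
end

# Constructed request body: "admin" is a field the form never offered.
RAW = { name: "asdasd", content: "asdasdasd", value: 5, admin: true }.freeze

def create_with_allowlist(raw)
  SketchModel.new(SketchParams.new(raw).permit(:name, :content, :value)).attributes
end

def create_without_permit(raw)
  SketchModel.new(SketchParams.new(raw))
  :accepted
rescue ForbiddenAttributesError
  :rejected
end
```

The extra `admin` key is dropped by the allowlist, and passing the parameter object without calling `permit` is rejected outright rather than silently filtered.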