Reputation: 3466
How to make update_attributes fail for mass assignment warning
I constructed an object based on parameters and passed it into the update_attributes method, within my controller's update method. The object had one attribute (xyz) that was not listed as part of attr_accessible list in the model. Rails skipped updating the attribute in question and generated a warning that mass-assignment of attribute xyz failed.
I would like to make sure that update_attributes fails if this kind of situation occurs instead of just getting a warning. Is there a config setting or an option that can be passed in to the update_attributes call to make this happen?
Upvotes: 2
Views: 280
Answers (2)
Reputation: 25761
You can change the config to use a sanitizer that will raise an exception:
config.active_record.mass_assignment_sanitizer = :strict
Edit: This is available since 3.2. Your question is tagged with rails 3.1, so it won't work. You can upgrade to 3.2, or take a look at this SO question on how to patch the sanitizer.
Upvotes: 4
Reputation: 3095
Set your own mass_assignment_sanitizer using mass_assignment_sanitizer= and you probably want to look at active_model/mass_assignment_security/sanitizer.rb for examples and active_model/mass_assignment_security.rb for how to set up your own Sanitizer that will fail.
Upvotes: 2
Related Questions
- ActiveRecord update_attributes to ignore invalid keys
- Make mass_assignment protection error not silent in Rails 3.2.x?
- How to protect from mass assignment for models in has_many association?
- How can I suppress the assignment of one or more fields in a Ruby-On-Rails mass-assignment?
- Mass assignment warning when using nested attributes
- I get the warning "Can't mass-assign protected attributes"
- how to protect attributes from mass assignement
- WARNING: Can't mass-assign protected attributes
- Getting Mass Assignment warning but don't know why
- Throw an exception whenever someone tries to mass-assign protected attributes