search

jbox-web / redmine_jenkins

A Redmine plugin which makes building your Jenkins projects easy ;)
MIT License
71 stars 32 forks source link

ProtectedAttributes/StrongParameters problem #32

Closed niosHD closed 9 years ago

niosHD commented 9 years ago

Hi, I just installed your plugin into redmine 3 and discovered an issue when saving a Jenkins connection.

Error:

WARNING: Can't mass-assign protected attributes for JenkinsSetting: url, auth_user, auth_password, show_compact, wait_for_build_id

The problem seems to be related to ProtectedAttributes/StrongParameters. I managed to work around the it by adding attr_accessible :url, :auth_user, :auth_password, :show_compact, :wait_for_build_id to the jenkins_setting model in addition to sanitizing the params dict with StrongParameters (require, permit). (The redmine 3 Gemfile imports the protected_attributes gem.) However, I am unsure if this is the right fix, especially with backward compatibility in mind.

Regards, niosHD

Environment for completeness:

Environment:
  Redmine version                3.0.0.stable
  Ruby version                   2.1.5-p273 (2014-11-13) [x86_64-linux]
  Rails version                  4.2.0
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.8.8
  Mercurial                      2.8.2
  Git                            1.9.1
  Filesystem                     
  Xitolite                       1.9.1
Redmine plugins:
  redmine_bootstrap_kit          0.2-devel
  redmine_code_review            0.7.0
  redmine_git_hosting            1.0-devel
  redmine_jenkins                0.1
  redmine_theme_changer          0.2.0
n-rodriguez commented 9 years ago

I managed to work around the it by adding attr_accessible :url, :auth_user, :auth_password, :show_compact, :wait_for_build_id to the jenkins_setting model (The redmine 3 Gemfile imports the protected_attributes gem.)

This is the right thing to do.

in addition to sanitizing the params dict with StrongParameters (require, permit). However, I am unsure if this is the right fix, especially with backward compatibility in mind.

As you said this won't be backward compatible as StrongParameters don't exist in Redmine 2.x / Rails3. I will add StrongParameters when Redmine 2.x branch will be marked as obsolete. For now attr_accessible do the job.

Thank you!