Open newspeedway opened 12 years ago
kristianmandrup
commented
12 years ago Sorry, no idea. I haven't used MongoMapper for about 2 years now. Also haven't followed devise internals since I created this gem. Feel free to patch it as you see fix or do whatever hacks u find necessary :)
lkalwa
commented
12 years ago Not sure if this is right place to fix this. Such bug occurs because MongoMapper::Document instances don't respond to #assign_attributes used by Devise. In my opinion fixing this should be done in orm_adapter gem or even in mongo_mapper (AR instances responds to this method)
kristianmandrup
commented
12 years ago Yes, should be added to mongo_mapper or orm_adapter IMO. Cheers!
kristianmandrup
commented
12 years ago http://apidock.com/rails/ActiveRecord/Base/assign_attributes - deprecated since 3.1 http://apidock.com/rails/ActiveRecord/AttributeAssignment/assign_attributes
Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.
To bypass mass-assignment security you can use the :without_protection => true option
http://mongomapper.com/documentation/plugins/accessible.html
attr_accessible allows you to specify a whitelist of keys that can be set when using mass-assignment.
Hmm...
avra911
commented
9 years ago kristianmandrup
commented
9 years ago Anyone using this, feel free to fix and submit a pull request or even take over maintenance of this project...
https://github.com/plataformatec/devise/pull/1894
Essentially this change means that you cannot edit a user without inputting the password (or if you forget to put in the password it errors out).
I'm not comfortable enough with Devise to suggest a fix. I deleted self.assign_attributes(params, *options) in devise /lib/devise/models/database_authenticatable.rb as a band-aid