laserlemon / vestal_versions

Keep a DRY history of your ActiveRecord models' changes
MIT License
933 stars 229 forks source link

MassAssignmentSecurity::Error when updating record in Rails 3.2.8 #86

Closed kidlab closed 10 years ago

kidlab commented 11 years ago

I'm using Rails 3.2.8 with the configuration:

config.active_record.whitelist_attributes = true

I got this error when updating a record:

ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: modifications, number, user
drush commented 11 years ago

Add this patch until it gets migrated into master @laserlemon :

module VestalVersions

The ActiveRecord model representing versions.

class Version < ActiveRecord::Base attr_accessible :modifications, :number, :user

end end

dreamr commented 11 years ago

This is all done on the rails_3 branch

On Tue, Dec 18, 2012 at 10:37 AM, Darren Rush notifications@github.comwrote:

Add this patch until it gets migrated into master @laserlemonhttps://github.com/laserlemon:

module VestalVersions

The ActiveRecord model representing versions.

class Version < ActiveRecord::Base attr_accessible :modifications, :number, :user

end end

— Reply to this email directly or view it on GitHubhttps://github.com/laserlemon/vestal_versions/issues/86#issuecomment-11499218.

JeanMertz commented 11 years ago

I'm not seeing anything like this in the Rails 3 branch, and it seems those changes have been merged into Master lately?

I'm also getting this error at the moment, I use the direct Github master branch version.

chrstphlbr commented 11 years ago

I'm also getting this error despite using branch 'rails_3'. Is there a fix in progress?

@drush your proposed patch isn't working for me

thanks in advance.

hrichter commented 11 years ago

actually the current master branch is still not containing any fix for this issue. Additionally, If you were to track deleted records and try to revert, you will notice that you need

attr_accessible :modifications, :number, :user, :reverted_from, :tag

but i think this is not very "clean", wouldn't it be better to generate the attribute list as needed, so there wouldn't be a mass assignment?

dreamr commented 11 years ago

So sorry, I am unavailable atm. My sailboat is stuck in Mexico after a storm. I wont be able to look at this until later this evening or tomorrow morning.

James OKelly

On Wed, Jan 16, 2013 at 12:41 PM, hrichter notifications@github.com wrote:

actually the current master branch is still not containing any fix for this issue. Additionally, If you were to track deleted records and try to revert, you will notice that you need

attr_accessible :modifications, :number, :user, :reverted_from, :tag

but i think this is not very "clean", wouldn't it be better to generate the attribute list as needed, so there wouldn't be a mass assignment?

— Reply to this email directly or view it on GitHubhttps://github.com/laserlemon/vestal_versions/issues/86#issuecomment-12338820.

caplod commented 11 years ago

I temporarily fixed it with an initializer file under config/initializers/patch_vestal_versions.rb with

VestalVersions::Version.module_eval do     
  attr_accessible :modifications, :number, :user
end     
gwincr11 commented 11 years ago

:reverted_from also seems to be affected by this bug.

tobypinder commented 11 years ago

+1 Confirming this issue, thanks all for the workarounds.

xyzren commented 11 years ago

Is this still unfixed? I am using the 1.2.3 c7aa512 version and got this problem.

kashif-umair commented 11 years ago

@caplod , Thank you very much for sharing the temporary patch. It saved me a lot of time and searching.

himesh-r commented 11 years ago

Has it been fixed? I followed the documentation and am facing the same issue... Patching doesnt seem good, but dont have any other choice right now. It would be good if someone updates the thread once it is foxed :)

wiredin commented 10 years ago

Just ran into this issue when trying to update a record

laserlemon commented 10 years ago

Should be fixed in master.

guy-silva commented 10 years ago

We are apparently running in this issue with the current version but we are updating from rails 3.2 to 4.0.3 So checking the the https://github.com/laserlemon/vestal_versions/blob/master/lib/vestal_versions/version.rb I can see the problem is

if ActiveRecord::VERSION::MAJOR == 3
  attr_accessible :modifications, :number, :user, :tag, :reverted_from
end

Would it be wrong to assume a fix would be

if ActiveRecord::VERSION::MAJOR >= 3
  attr_accessible :modifications, :number, :user, :tag, :reverted_from
end

Or do you think there are more places to be fixed in order to be running on rails 4?

midas commented 10 years ago

Rails 4 uses https://github.com/rails/strong_parameters and attr_accessible is deprecated. So that would not fix the issue.