locking down with ForbiddenAttributesProtection only on controllers

[abacha]

is it possible to lock down submit requests with ForbiddenAttributesProtection only if it came by a controller?
I wish I could do a "forced" update inside my model without worrying about attributes protection

[dhh]

AR will update with no protection if you just use a regular hash. It's only AP::Parameter classes that are subjected to the check.

On May 17, 2013, at 23:08, Adriano Bacha [email protected] wrote:

is it possible to lock down submit requests with ForbiddenAttributesProtection only if it came by a controller?
I wish I could do a "forced" update inside my model without worrying about attributes protection

—
Reply to this email directly or view it on GitHub.

[abacha]

then, I don't get why I'm having this error:

[1] pry > t                     
  => {:status=>:received, :request_date=>"2012-06-08", :value_date=>"2012-06-11",
    :settlement_date=>"2012-06-12", :value=>1500, :net_value=>1300, :type=>:rescue,
    :amount=>5000, :account_id=>1, :fund_id=>1}

  [2] pry > Transaction.new(t)

  ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: type
67  from /home/duke/.rvm/gems/ruby-1.9.3-p392@bigbang/gems/activemodel-3.2.13/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes' 

maybe problems with a field named "type"?

[dhh]

Yes. Type is a reserved column name used for single-table inheritance. It's not available for general use.

On May 18, 2013, at 15:12, Adriano Bacha [email protected] wrote:

then, I don't get why I'm having this error:

[1] pry > t
=> {:status=>:received, :request_date=>"2012-06-08", :value_date=>"2012-06-11",
:settlement_date=>"2012-06-12", :value=>1500, :net_value=>1300, :type=>:rescue,
:amount=>5000, :account_id=>1, :fund_id=>1}

[2] pry > Transaction.new(t)

ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: type
67 from /home/duke/.rvm/gems/ruby-1.9.3-p392@bigbang/gems/activemodel-3.2.13/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
maybe problems with a field named "type"?

—
Reply to this email directly or view it on GitHub.

[abacha]

but without strong_params I could use it without any trouble
STI do not use "type" column, its "entity_type", "entity_id", it has a
prefix

---

Adriano Neder Bacha

gtalk: abacha
skype: adriano.bacha

On Sun, May 19, 2013 at 1:22 AM, David Heinemeier Hansson <
[email protected]> wrote:

Yes. Type is a reserved column name used for single-table inheritance.
It's not available for general use.

On May 18, 2013, at 15:12, Adriano Bacha [email protected]
wrote:

then, I don't get why I'm having this error:

[1] pry > t
=> {:status=>:received, :request_date=>"2012-06-08",
:value_date=>"2012-06-11",
:settlement_date=>"2012-06-12", :value=>1500, :net_value=>1300,
:type=>:rescue,
:amount=>5000, :account_id=>1, :fund_id=>1}

[2] pry > Transaction.new(t)

ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected
attributes: type
67 from /home/duke/.rvm/gems/ruby-1.9.3-p392@bigbang/gems/activemodel-3.2.13/lib/active_model/mass_assignment_security/sanitizer.rb:48:in
`process_removed_attributes'
maybe problems with a field named "type"?

—
Reply to this email directly or view it on GitHub.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/142#issuecomment-18112187
.

[abacha]

and I don't use it as a column name, its a simple enum field