Rails 4 migration clarification

[scottjacobsen]

The Rails 4 migration section of the documentation says to remove attr_accessible and attr_protected from the models being migrated. This will only work if you disable default whitelisting by setting:

config.active_record.whitelist_attributes = false

If default whitelisting is enable I found I need to disable the whitelist on a per model basis like this:

class Post < ActiveRecord::Base
   attr_protected # disable whitelist for this model
   include ActiveModel::ForbiddenAttributesProtection
end

Isn't it safer to keep default whitelisting enabled and disable only after the full migration is finished?

[mattbrictson]

@scottjacobsen Thanks for mentioning this! I was stuck trying to figure out why the migration instructions were not working for me. I like your suggestion, which would make the steps:

• Work one model at a time
• First add include ActiveModel::ForbiddenAttributesProtection
• And add attr_protected
• Verify controller/integration tests fail
• Fix by using require and permit
• Move on to the next model

Then set config.active_record.whitelist_attributes = false once the migration is complete.