
I was upgrading my project from Rails 3 to Rails 4 with this tutorial: RailsCasts

I have a model:

  class Test < ActiveRecord::Base
    validates :content, :presence => true, :length => { :minimum => 2 }
    validates :name, :presence => true,    :length => { :minimum => 2 }
    validates :value, :presence => true      
  end

After upgrading, in the Rails console I tried to create a new Test object:

   Test.create(name: "asd", content:"asd", value: 5)

And got

  WARNING: Can't mass-assign protected attributes for Achievement: name, content, value
  (0.2ms)  BEGIN
  (0.2ms)  ROLLBACK
  => #<Test id: nil, name: nil, content: nil, value: nil, created_at: nil, updated_at: nil>

Looks like I forgot to upgrade something. I tried to re-create the Rails application, overriding the config and other Rails files, but nothing changed.

I created a new empty project and copied the model files. It worked OK.

If I add

  config.active_record.whitelist_attributes = false

to config/application.rb, my upgraded project works fine. But that's not normal, because in an empty Rails 4 app this line was deleted.

What did I forget to upgrade, or what must I do to make the upgraded project work like an empty one created with Rails 4, without config.activerecord ...?

Update:

  raw_params = {:name => "asdasd", :content=>"asdasdasd", :value=>5}
  => {:name=>"asdasd", :content=>"asdasdasd", :value=>5}
  2.0.0dev :002 > params = ActionController::Parameters.new(raw_params)
  => {"name"=>"asdasd", "content"=>"asdasdasd", "value"=>5}
  2.0.0dev :003 >  test = Test.create(params.permit(:name, :value, :content))
  WARNING: Can't mass-assign protected attributes for Achievement: name, value, content
   (0.2ms)  BEGIN
   (0.2ms)  ROLLBACK
  => #<Test id: nil, name: nil, content: nil, value: nil, created_at: nil, updated_at: nil>
AKovtunov

1 Answer

In Rails 4, attr_accessible is not used any more to do mass-assignment checking. Mass-assignment refers to the practice of creating or updating a Model object by passing a hash of values. When you do mass-assignment in Rails 4, you have to specify which parameters are allowed and which ones are not. This is due to security reasons.

Take a look at the repository for strong_parameters; it contains a brief explanation of how mass-assignment security works in Rails 4. Especially look at Use Outside Of Controllers.

mario

  • In my empty app, created in Rails 4, this mass-assignment works fine. And in the app that was upgraded from 3.2 to 4.0 it does not work. – AKovtunov Jul 07 '13 at 10:40
  • I didn't see the updated post. Thanks. I'll look at Use Outside of Controllers. – AKovtunov Jul 07 '13 at 10:41
  • 2.0.0dev :001 > raw_parameters = { :name => "John", :content => "Dorrow" ,:value => 4 } => {:name=>"John", :content=>"Dorrow", :value=>4} 2.0.0dev :002 > params = ActionController::Parameters.new(raw_parameters) => {"name"=>"John", "content"=>"Dorrow", "value"=>4} 2.0.0dev :003 > params.class => ActionController::Parameters 2.0.0dev :004 > a = Test.create(params.permit(:name, :content, :value)) WARNING: Can't mass-assign protected attributes for Achievement: name, content, value oh lol. – AKovtunov Jul 07 '13 at 12:54
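
Added example, not part of the original thread and not Rails or strong_parameters source code: a plain-Ruby sketch of the allow-list check the answer describes, in which the model refuses a parameters object until permit has been called, while a plain Hash written by the developer is accepted. The class names SketchParams, SketchModel and ForbiddenAttributes and the admin column are hypothetical.

```ruby
# Added illustration in plain Ruby; a simplified model of the Rails 4 check,
# not the Rails or strong_parameters source. All class names are hypothetical.
class ForbiddenAttributes < StandardError; end

# Stand-in for ActionController::Parameters: untrusted until permit is called.
class SketchParams
  def initialize(hash, permitted = false)
    @hash = hash.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  # Returns a new object holding only the allow-listed keys, marked permitted.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    SketchParams.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end

  def to_h
    @hash.dup
  end
end

# Stand-in for a model with the question's columns plus a sensitive one.
class SketchModel
  ATTRS = %w[name content value admin].freeze
  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = {}
    # Reject only objects that can report permitted? and answer "no";
    # a plain Hash typed into the console cannot, so it passes.
    if attrs.respond_to?(:permitted?) && !attrs.permitted?
      raise ForbiddenAttributes, "call permit before mass-assignment"
    end
    attrs.to_h.each { |k, v| @attributes[k.to_s] = v if ATTRS.include?(k.to_s) }
  end
end

# Constructed sample input: a request body carrying an unexpected "admin" key.
RAW = { name: "asd", content: "asd", value: 5, admin: true }.freeze
```

Passing SketchParams.new(RAW) straight to SketchModel.new raises, while the permitted copy assigns only name, content and value and drops admin.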