Questions tagged [mass-assignment]

A feature of server-side web frameworks such as Ruby on Rails, in which all the parameters of an HTTP request are assigned to variables. Mass assignment security provides an interface for protecting attributes from end-user assignment.

Mass assignment is both a convenient feature and a major security concern for server-side code in web applications. If not secured properly, it can allow an attacker to set parameters that should not be controlled from the client.

321 questions
0 votes, 1 answer

Can't create virtual attribute for railscast #102 autocomplete

I can't get what I'm doing wrong. I'm following instructions from revised railscast #102. I have model Article: belongs_to :category def category_name category.try(:name) end def category_name=(name) self.category =…
MID
0 votes, 1 answer

Mass assignment error in polymorphic favourite model setup

I am trying to add favouriting to my app so that users can select favourite projects. I have tried to use the code that I found here:…
0 votes, 4 answers

Is there a way to do this in Rails without mass assignment?

Members create votes that both belong to them and to another model, Issues. Currently I'm doing this with a hidden form and passing the appropriate parameters. Here's the code on the issues index view: <%= form_for(@vote) do |f| %> <%=…
Dan
0 votes, 1 answer

Private methods not passing MassAssignmentSecurity in rails 3.2.8

After upgrading to Rails 3.2.8, my private methods that passed mass assignment in Rails 3.2.6 no longer pass; I keep getting the mass assignment error. My controller is class AddressesController < BaseController # GET /addresses # GET…
Uchenna
0 votes, 0 answers

Has_many through mass assignment error

I've read through the many threads on this topic and still can't see why my code won't work. I have the following: class User < ActiveRecord::Base has_many :user_roles has_many :user_groups, :through => :user_roles #define attributes and…
0 votes, 1 answer

Can't mass-assign protected attributes: Appointment

I'm trying to create a listing object and an appointment object after an order has been successfully placed. The appointment object is nested within the Listing object if the user specifically orders an appointment with their listing. Can anyone…
Benamir
0 votes, 3 answers

Can't mass-assign protected attributes: stripe_card_token

I'm trying to create a charge with stripe. I get the following error when attempting to create order object, but I have set attr_accessor :stripe_card_token. Does anyone know what I am doing wrong? ActiveModel::MassAssignmentSecurity::Error in…
0 votes, 1 answer

Why am I getting a mass assignment error when my column is on my attr_accessible list

There are several related questions to this one. But none of the answers address my situation. I am getting this error on my localhost when trying to create a new policy. Can't mass-assign protected attributes: starts_on In my policy.rb model…
Ryan
0 votes, 1 answer

Rails: New entry to a model that belongs_to two other

In my app, a Product has_many opinions, which are written by many clients. Here are models with associations: class Product < ActiveRecord::Base attr_accessible :name, :desc, :price has_many :opinions end class Client < ActiveRecord::Base …
Hassen
0 votes, 1 answer

ActiveRecord roles with user permissions

Fairly new to rails so forgive me if I've misunderstood anything. I have a user model that looks like the below. Ideally what I'd like to do is have regular users only able to update their password, but have administrators able to change their…
0 votes, 1 answer

Rails 3 Mass-Assignment Errors with fields_for

I have the following model relationships: OrderModel: has_one :credit_card accepts_nested_attributes_for :credit_card attr_accessible :user_id, :date_updated, :date_finished, :amount, :payment_method, :status, :billing_cycle,…
dennismonsewicz
0 votes, 2 answers

Rails: Create a new entry in a model that belongs_to two other models

Consider a Store that has_many Products which have_many Opinions. Here are Models: Store: class Store < ActiveRecord::Base attr_accessible :desc, :location, :name, :phone, :status, :url has_many :products has_many :opinions, :through =>…
Hassen
0 votes, 1 answer

WARNING: "Can't mass-assign protected attributes: created_at, updated_at" when I use gem "omniauth-identity"

I get this error ActiveModel::MassAssignmentSecurity::Error in SessionsController#create Can't mass-assign protected attributes: created_at, updated_at I think I can add some code to solve this problem. class User < ActiveRecord::Base …
JeskTop
0 votes, 1 answer

Use config.active_record.mass_assignment_sanitizer = :strict only for specific controller

I would like to raise exceptions when trying to mass-assign an invalid attribute in the production environment, but only for a specific controller. I figured I should add config.active_record.mass_assignment_sanitizer = :strict to production.rb, but…
Roemer
0 votes, 2 answers

What things do I need to know when creating model from another controller and mass-assignment

I have a model called DefaultCompany that has no controller, instead I create it through the companies_controller which calls the user.set_default_company (defined below) if they check the "default company" checkbox on the form. Default company is a…
ruevaughn