Questions tagged [mass-assignment]

A feature of server-side web framework such as Ruby on Rails, in which all the parameters of an HTTP request are assigned to variables. Mass assignment security provides an interface for protecting attributes from end-user assignment.

Mass assignment is both a convenient feature and a major security concern for server-side code in web applications. If not secured properly, it can allow an attacker to set parameters that should not be controlled from the client.

External links

321 questions

-1

votes

1 answer

how to save has many through association in controller in rails?

i have a Projects model and User model. i want to establish has many through association between these models. now my requirement is i want to list all the users in the multiselect drop down, in projects/new form, by this i want to assign all users…

asked Jan 23 '16 at 15:13

John

1,273
3
27
61

-1

votes

2 answers

ActiveModel::ForbiddenAttributesError in-spite of params.require(:model).permit

I have a model for which I am permitting all updates for an admin user. This is the relevant code in the controller and model : private: class ModelsController < ApplicationController def model_params …

ruby-on-rails ruby activeadmin mass-assignment strong-parameters

asked Dec 27 '13 at 22:16

codeObserver

6,521
16
76
121

-1

votes

1 answer

Can't mass-assign protected attributes: email

I know this is a popular error, but I have class User < ActiveRecord::Base attr_protected :provider, :uid, :name, :email in my user model, but still get this error. Here is the detail: ActiveModel::MassAssignmentSecurity::Error in…

ruby-on-rails omniauth mass-assignment

asked Jun 23 '13 at 17:58

Erin Walker

-1

votes

1 answer

Mass assignment and roles in Rails

I have Users, Roles, and Network models in Rails 3. Users and Networks have a HMT relationship through Roles. If a User has an Role type of 'admin' with a specific Network, he/she can change the Role of other Users. It seems like the Role type…

ruby-on-rails mass-assignment attr-accessible

asked Jul 17 '12 at 01:05

dewyze

-1

votes

1 answer

Why the mass assignment code does not work

There is a mass assignment defined in sys_log model in our rails 3.1.4 app: attr_accessible :log_date, :user_name, :user_id, :user_ip, :action_logged, :as => :new_log A method is defined in application_controller to save the log: def…

ruby-on-rails ruby-on-rails-3.1 mass-assignment

asked May 30 '12 at 04:09

user938363

9,990
38
137
303

-4

votes

1 answer

Can't mass-assign protected attributes: title, description, cloth_type, pic Rails 3

When doing a POST to /cloth/create I get a WARNING: Can't mass-assign protected attributes: title, description, cloth_type, pic cloth.rb class Cloth include Mongoid::Document include Mongoid::Timestamps include…

ruby-on-rails ruby-on-rails-3 mongoid mass-assignment

asked Jan 03 '13 at 15:30

Shakeeb Ahmad

2,010
1
25
30

Prev 1 2 3

…