Stack Overflow
Stack Overflow

Questions tagged [mass-assignment]

A feature of server-side web framework such as Ruby on Rails, in which all the parameters of an HTTP request are assigned to variables. Mass assignment security provides an interface for protecting attributes from end-user assignment.

Mass assignment is both a convenient feature and a major security concern for server-side code in web applications. If not secured properly, it can allow an attacker to set parameters that should not be controlled from the client.

External links

321 questions
2
votes
2 answers

Rails can't mass-assign protected attributes for id, created_at

I'm using rails as the server side of a backbone.js site, therefore I'm constantly passing the rails objects back and forth. I'm noticing errors in rails returning WARNING: Can't mass-assign protected attributes: id, created_at, updated_at. Of…
pedalpete
  • 21,076
  • 45
  • 128
  • 239
2
votes
1 answer

update nested attribute: WARNING: Can't mass-assign protected attributes: error

I spent so much time on this and lost half my hair by pulling it. Help. user: has_may :rights attr_accessible :rights_attributes right: belongs_to :user attr_accessible :user_id, :pgd_id, :link_id View: <%= semantic_form_for @user,…
nafkot
  • 103
  • 1
  • 7
2
votes
1 answer

STI and nested attribute mass assignment in mongoid?

Question on mass assignment through nested attributes using mongoid. Example: require 'mongoid' require 'mongo' class Company include Mongoid::Document has_many :workers,as: :workable, autosave: true accepts_nested_attributes_for…
GTDev
  • 5,488
  • 9
  • 49
  • 84
2
votes
1 answer

Rails 3 : Mass-assignment with ActiveAdmin and has_one

I am developing a rails application in which I have two models User and Client. User is backed by devise and is responsible for authentication and has_one Client which holds the client details for a given user. This relation is always present as I…
Tiago
  • 1,337
  • 11
  • 17
2
votes
1 answer

Mass assignment using RestSharp, POST request - MVC3

I've been doing a lot of research trying to find the best way to communicate a mass assignment POST request with my ASP.NET MVC3 app without much success. Here's the scenario: Like I mentioned, I have a ASP.NET MVC3 with standard REST methods, with…
Josh
  • 338
  • 3
  • 14
2
votes
7 answers

"Add [name] to fillable property to allow mass assignment on [Illuminate\Foundation\Auth\User]."

User.php code, here, whether I use fillable or gaurded, I get the same error.
sunny
  • 21
  • 1
  • 1
  • 2
2
votes
2 answers

nested attributes in simple_form returns mass assignment error

Models: class Topic < ActiveRecord::Base has_many :posts, :dependent => :destroy validates :name, :presence => true, :length => { :maximum => 32 } attr_accessible :name, :post_id end class Post <…
BasicObject
  • 765
  • 1
  • 5
  • 23
2
votes
2 answers

Mass assignment won't handle Null input even when default is set on migration.Any solution to this?

I have been using mass assignment a lot. I recently came across this issue, where I create fillable, and also defaults for null values, but on using mass assignment, if my inputs are empty, it returns a "Cannot Be Null" Error. My Model protected…
Manishbasnyat182
  • 136
  • 2
  • 5
2
votes
1 answer

Column not found error while trying to mass assign values inside controller

I'm getting this error when I'm trying to assign a value to all the columns in a table. Controller public function updateallcompany(Request $request, $id) { $active = $request->input('active'); AccessCode::where('company_id',…
bahdotsh
  • 459
  • 3
  • 17
2
votes
1 answer

Store foreign key value in laravel

In Migration Table: Schema::create('passws', function (Blueprint $table) { $table->increments('id'); $table->integer('regist_id')->unsigned()->nullable(); $table->foreign('regist_id')->references('id')->on('regists'); …
Samuel Henry
  • 153
  • 1
  • 3
  • 10
2
votes
1 answer

Bug? I've to mass-assign params two times to update has_many association

I've a Register model which has_many :telephones Register model accepts_nested_attributes_for :telephones, :reject_if number and code blank?, and has attr_accessible :telephones_attributes (and all other fields) Telephones belongs_to :register and…
BrenoSalgado
  • 21
  • 2
2
votes
1 answer

has_many through blowing away the association's metadata on mass association

Hey, Not a Rails noob but this has stumped me. With has many through associations in Rails. When I mass assign wines to a winebar through a winelist association (or through) table with something like this. class WineBarController def update …
Lawrence Whiteside
  • 2,594
  • 1
  • 16
  • 8
2
votes
4 answers

Ruby on Rails attr_protected

I have the following code in my User model: attr_protected :email I'm trying to create a new user object, but I get a mass assignment protected error with the following code. user = User.new( :first_name => signup.first_name, :last_name =>…
Brian
  • 5,951
  • 14
  • 53
  • 77
2
votes
2 answers

Laravel 5.1 - mass-assignable field, only when creating

I have a model containing some $fillable, mass-assignable fields. However, some of the fields should only be mass-assignable when creating, not when updating. What is the correct method of doing this? Thanks.
Qar
  • 1,746
  • 3
  • 17
  • 24
2
votes
1 answer

Upgrading to Rails 4 - Strong Parameters

I'm hitting some inconsistent behavior while trying to upgrade my project to Rails 4 from 3.2 incrementally with the strong_parameters gem. In config/application.rb I have the following: config.active_record.whitelist_attributes =…
sixtimes
  • 337
  • 2
  • 11
1 2 3
21 22