Questions tagged [mass-assignment]

A feature of server-side web frameworks such as Ruby on Rails, in which all the parameters of an HTTP request are assigned to variables. Mass assignment security provides an interface for protecting attributes from end-user assignment.

Mass assignment is both a convenient feature and a major security concern for server-side code in web applications. If not secured properly, it can allow an attacker to set parameters that should not be controlled from the client.

321 questions
2
votes
2 answers

Rails, nested attributes, can't mass assign error

I have two models on server: Feed class Feed < ActiveRecord::Base attr_accessible :name belongs_to :broadcasts end Broadcast class Broadcast < ActiveRecord::Base validates_presence_of :content attr_accessible :content, feeds,…
George
2
votes
1 answer

Rails 3.2 strict mass assignment defaults

In a new Rails project, what is the reason mass assignment is not set to strict in production and the reason that it is set to strict in development and test?
2
votes
2 answers

ActiveAdmin role for mass assignment

In my models I have defined different roles for mass assignment. Some fields are attr_accessible :as => :default. Other fields are attr_accessible :as => [:default, :admin]. How can I allow ActiveAdmin to be able to update attributes as an admin…
Venkat D.
2
votes
1 answer

Disable MassAssignmentSecurity

Is there a way of completely disabling the MassAssignmentSecurity feature in Rails3? We're busy with an upgrade and need to disable it for a while :)
Gazza
2
votes
1 answer

Rspec - post - MassAssignmentSecurity::Error

I have a few models: User and Article. User has_many articles and Article belongs to user. I try to write a test to check the Post method (NOTE: I use locales in my application): require 'spec_helper' describe ArticlesController do render_views …
ExiRe
2
votes
1 answer

mass-assignment error with whitelist_attributes set to false

I'm currently in the process of upgrading an application from Rails 2.3.8 to Rails 3.2.7, and am having some trouble with mass-assignment. When I try and save any model, I get the following error: Can't mass-assign protected attributes: a,b,c,d I…
Breathtender
2
votes
1 answer

Get mass assignable attributes for model

How can I get the mass assignable attributes for a model? I found this, but it seems to me kinda dirty. Game.accessible_attributes.to_a.reject{|i| i.empty?} Is there any cleaner way?
Mailo Světel
2
votes
3 answers

How to prevent mass assignments on associations the right way?

Let's say I have a model Warehouse, a model Car, and a model Dealer. model Car is like: attr_accessible :make, :year belongs_to :warehouse belongs_to :dealer controller Cars is like: def create car =…
CodeOverload
2
votes
1 answer

Rails: MassAssignmentSecurity::Error

Following the Ruby on Rails guide, a developer can't mass-assign protected fields but doesn't get an exception when trying to do it, right? But in my case, mass-assigning different params through the new method in a Rails application: @edition = Edition.new…
tiktak
2
votes
2 answers

Assignment of a protected attribute in Rails

I have a field on my User model that is protected because it determines clearance level. So it should be left protected and not mass-assignable. So even though attributes are protected by default in 3.2, that is actually the behavior I…
2
votes
1 answer

MassAssignmentSecurity Error when using attr_encrypted (attr_encryptor) gem

For my rails 3.2.3 app, I am using attr_encryptor, which is a fork by danpal of attr_encrypted. I have followed the instructions as given here, but I am getting the following error message when I try to create a new Patient…
oort
1
vote
1 answer

Rails 3.1 mass assignment hierarchy structure

I am trying to set different access control levels (3 levels in my app) for CRUD certain model. There is no User model in the app, because I use RPAM for authentication and session for keeping track of the user. In order to set authorization levels,…
swingfuture
1
vote
0 answers

Mass-assignment warning not shown when running rake tasks

I have a seed file with a couple of lines like the following: action_type = ActionType.find_or_create_by_name(:name => "register") Now, when I execute rake db:seed, although the command finishes without mentioning any warnings, no record is…
1
vote
1 answer

Do I need to protect against mass-assignment if a model does not have an associated controller?

This probably sounds like a silly question to a seasoned Rails developer. Do I need to protect against mass-assignment if a model does not have an associated controller? I'm guessing that I don't need to, but it would be great if anyone could confirm…
1
vote
2 answers

Delayed_job (2.1.4) error: Job failed to load: instance of IO needed. Handler nil

I created a simplistic achievements system and wanted to introduce delayed_job (2.1.4) to take care of the processing. However, the handler column in the delayed_jobs table is always nil, which results in the last_error text: Job failed to load:…
emrass