-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Strong Parameters and Rails 3 #60
Comments
https://travis-ci.org/mceachen/closure_tree/builds/7831942 is building e72b0a1 which has your suggestion. Thanks! |
Thanks for trying, based on the failed builds (4 is passing because of the frist condition), I just noticed I missed a |
OK—we'll see how 4379712 goes. |
HURRAY https://travis-ci.org/mceachen/closure_tree/builds/7897320 I'll get this into the next version that I'm about to release. |
@mceachen I'm still getting an issue that @leonelgalan described above in my rails 3 app that is using strong parameter: >> CaseType.accessible_attributes.nil?
=> false
>> CaseType.accessible_attributes
=> #<ActiveModel::MassAssignmentSecurity::WhiteList: {}>
>> CaseType.accessible_attributes.empty?
=> true So I think the correct way it should check for empty instead of checking nil. |
I'm seeing the same thing as @samnang in Rails 3.2.18 with strong_parameters enabled. Patching https://github.com/mceachen/closure_tree/blob/ff8331eca84300330aad6455837d3872bd9ce519/lib/closure_tree/support_flags.rb#L7 to use |
Ok, I'll try to get that into master soon. Thanks for the comment.
|
ok, it's in v4.6.1. Thanks! |
After setting
config.whitelist_attributes = false
in application.rb, the model that is acting as a tree raisesActiveModel::MassAssignmentSecurity::Error
. This is, because closure_tree is addingattr_accessible :parent
(https://github.com/mceachen/closure_tree/blob/32da850126336fec6036ad8154a9b1fa738cb30e/lib/closure_tree/model.rb#L17)https://github.com/mceachen/closure_tree/blob/32da850126336fec6036ad8154a9b1fa738cb30e/lib/closure_tree/support.rb#L23
I beleive that this happens because of the last condition of
use_attr_accessible?
, which returns true even when using strong parameters. A better condition will bemodel_class.accessible_attributes.empty?
, which returns true only when attr_accessible has been used in the model.The text was updated successfully, but these errors were encountered: