Mass assignment fails when upgrading to Rails 4

Asked 29/7, 2013 at 3:49 Answered 2/1, 2014 at 6:4

Solved ruby-on-rails ruby-on-rails-3 ruby-on-rails-4 strong-parameters attr-accessible

deprecated_mass_assignment_security.rb:17:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use old one. (RuntimeError)

I tried what the message says, adding gem 'strong_parameters' to my Gemfile.

But when I do rails s I get the error above.

Update

I tried:

config.active_record.whitelist_attributes = true

in confgi/application.rb, also with false, but actually I don't understand that option.

Historian answered 29/7, 2013 at 3:49 Comment(0)

In your Gemfile you will notice that gem 'protected_attributes' has been hashed out. Remove the hash. Run bundle install.

But since protected_attributes has been deprecated and may disappear in the future use strong_parameters as mentioned in the above post.

For more info on strong_parameters refer this link.

Koph answered 2/1, 2014 at 6:4 Comment(0)

attr_accessible and attr_protected have been pulled out of Rails 4 and extracted into protected_attributes. Bundle that into your app and then you should be able to use them again.

That being said, it's recommended that you use strong_parameters instead of attr_accessible these days, so eventually you'll want to migrate to that.

Incurious answered 29/7, 2013 at 4:25 Comment(6)

Thanks, How to bundle that into my app? I have protected_attributes in my Gemfile. – Historian 29/7, 2013 at 14:58

Just run bundle install from the command line and you should be good to go! – Incurious 29/7, 2013 at 18:6

Did you remove strong_parameters and set whitelist_attributes to true again? You should just need to include it and if your app was working with Rails 3 you should have everything you need for mass assignment protection. – Incurious 29/7, 2013 at 21:33

I don't have strong parameters anywhere since I am in Rails 3, are they in some place in a Rails 3 app? I tried with whitelist_attributes true and false, same problem. – Historian 29/7, 2013 at 21:57

If you are still running Rails 3 you shouldn't need to add the protected attributes gem because that is part of Rails 3. You'll only need that gem if you are trying to migrate your app to Rails 4. Strong parameters is part of Rails 4 only, so you shouldn't have that in your app unless it's bundled in. – Incurious 29/7, 2013 at 22:10

I have gem 'rails', '4.0.0' bundled. – Historian 30/7, 2013 at 3:7

In your Gemfile you will notice that gem 'protected_attributes' has been hashed out. Remove the hash. Run bundle install.

But since protected_attributes has been deprecated and may disappear in the future use strong_parameters as mentioned in the above post.

For more info on strong_parameters refer this link.

Koph answered 2/1, 2014 at 6:4 Comment(0)

Update

Recommended topics

Hot tags