[rspec-users] OT: SIT - how to turn it off

James Byrne lists at ruby-forum.com
Sat Mar 21 10:56:00 EDT 2009


David Chelimsky wrote:

> 
> What type of association? There are many and they are all handled
> quite differently.
> 

In this particular case this was a has_many / belongs_to pair and I was 
attempting a parent.child.create({}) call.  I discovered thereby that 
Rails, at least in version 2.3.2, evidently does not permit mass 
assignment of attributes ending in _type or _value; apparently 
regardless of their presence in an attr_accessible call.

However, this problem proved serendipitous.  In consequence I have 
discovered a great deal regarding problems with mass assignment. The 
result is that I have instead turned off mass assignment for the entire 
application.  This, needless to say, has broken a great deal of my tests 
and functioning code but I am mostly finished resolving those problems.

I found a good discussion of this problem and some solutions at:

  http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment

-- 
Posted via http://www.ruby-forum.com/.


More information about the rspec-users mailing list