I am upgrading an app to 4.0 and using ruby-2.2.5. I am down to a couple of Deprecation Warnings, which appear when I run >> bundle exec rake.
One of the warnings:
DEPRECATION WARNING: Model based mass assignment security has been extracted out of Rails into a gem.
Please use the new recommended protection model for params or add `protected_attributes` to your Gemfile to use the old one.
To disable this message remove the `whitelist_attributes` option from your `config/application.rb` file
and any `mass_assignment_sanitizer` options from your `config/environments/*.rb` files.
See http://guides.rubyonrails.org/security.html#mass-assignment for more information.
I understand what this is about and I have gone through all my models looking for and removing 'attr_accessible'. I have gone through all my controllers and added a method for strong_params, which I call in my 'create' and 'update' actions. We are not using 'whitelist_attributes' or any 'mass_assignment_sanitizer' options. And all my spec tests are passing.
My question is: would this warning be just standard output, or would it be from Rails seeing something I am not? Ideas?
Much appreciated
Try adding gem 'protected_attributes', '~>1.1.3' to your Gemfile. Some people say that gem is unnecessary on Rails 4, but it fixes the deprecation warning. I'm not sure if it is the best solution: https://github.com/rails/protected_attributes
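An added example, not part of the original posts: a small Ruby audit that walks an app tree and reports every non-comment line still using the macros or settings the deprecation message names. The helper names, the constructed sample tree, and the choice to also scan lib/ are assumptions of this example.

```ruby
require "tmpdir"
require "fileutils"

# Macros and settings named in the deprecation message quoted above.
LEGACY_PATTERNS = {
  "attr_accessible"           => /^\s*attr_accessible\b/,
  "attr_protected"            => /^\s*attr_protected\b/,
  "whitelist_attributes"      => /\.whitelist_attributes\s*=/,
  "mass_assignment_sanitizer" => /\.mass_assignment_sanitizer\s*=/
}.freeze

# Where to look; including lib/ is an assumption of this example.
SCAN_GLOBS = ["app/**/*.rb", "config/**/*.rb", "lib/**/*.rb"].freeze

# Returns [relative_path, line_number, name] for each line using the old model.
def find_legacy_mass_assignment(root)
  hits = []
  SCAN_GLOBS.each do |glob|
    Dir.glob(File.join(root, glob)).sort.each do |path|
      File.foreach(path).with_index(1) do |line, lineno|
        next if line =~ /^\s*#/ # commented-out lines are never executed
        LEGACY_PATTERNS.each do |name, regex|
          hits << [path.delete_prefix("#{root}/"), lineno, name] if line =~ regex
        end
      end
    end
  end
  hits
end

# Constructed sample tree (hypothetical app named Demo), for demonstration only.
def build_sample_app(root)
  {
    "app/models/user.rb" => "class User < ActiveRecord::Base\n  attr_accessible :name, :email\nend\n",
    "app/models/post.rb" => "class Post < ActiveRecord::Base\n  # attr_accessible :title\nend\n",
    "config/application.rb" => "module Demo\n  class Application < Rails::Application\n    config.active_record.whitelist_attributes = true\n  end\nend\n",
    "config/environments/test.rb" => "Demo::Application.configure do\n  config.active_record.mass_assignment_sanitizer = :strict\nend\n"
  }.each do |rel, body|
    full = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(full))
    File.write(full, body)
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_app(root)
    find_legacy_mass_assignment(root).each { |f, n, name| puts "#{f}:#{n}: #{name}" }
  end
end
```

To audit a real app, call find_legacy_mass_assignment with the application root instead of the temporary directory.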
Related
I am trying to understand some of the higher level functioning of Rails, using the Rails console. I run controller.class.superclass.superclass which gives ActionController::Base, controller.class.superclass.superclass.superclass which gives ActionController::Metal and controller.class.superclass.superclass.superclass.superclass gives AbstractController::Base.
I have found these in the API documentation.
http://api.rubyonrails.org/classes/AbstractController/Base.html
http://api.rubyonrails.org/classes/ActionController/Metal.html
[can only post two links]
I can add to these simply by declaring the classes again in the console, but is there a way to find the original Ruby code for these and to inspect and edit it in its original file(s)? Just in case I need to know the full contents of these for future.
You can also do:
bundle show <gem>
and that will show you where the gem is on your system. Editing in those files is not advised unless you know how to re-install gems.
You can see the Rails source code on Github:
https://github.com/rails/rails/tree/master/actionpack/lib/action_controller
I've tested this by running rails c both before and after git stash. On Rails 4.1 in Mavericks, after following the instructions to add the versions table and adding has_paper_trail to three models, whenever I run rails c I get
irb: warn: can't alias context from irb_context.
I've spent some time Googling without much luck. There are old threads talking about rspec, but I don't see how that's relevant since I'm not using it. Any ideas why this is happening?
RSpec used to pollute (provide) Object top-level methods, e.g. describe, context, etc. Fortunately they've got rid of all the monkey patching in version 3, and now all these methods are namespaced under RSpec.
One can change this behaviour through the expose_dsl_globally config flag. For backwards compatibility, it defaults to true.
The warning shows up when you open the console because paper_trail automatically loads its rspec helpers when rspec is found. And it calls RSpec.configure before you have the chance to tweak your own configuration.
One possible solution would be for paper_trail to disable the automatic loading and let users load it themselves when they see fit. However, I am not aware of the internals of the library, so I can't guarantee this wouldn't break other things.
Best!
This is now fixed in papertrail 4.0.0, here's the commit.
I was following one of the railscasts tutorials and decided to install nifty generators. Well, being a rails noob I didn't realize that the way parameters are handled changed. Now I can't undo any of my changes. So far I managed to roll back the database but every time I try to run
rails destroy nifty:scaffold mymodel
I get the error message
attr_accessible is extracted out of rails into a gem. Please use new recommended protection model for params(strong_parameters) or add protected_attributes to your Gemfile to use old one.
So I did. I added
gem 'protected_attributes'
and ran
bundle install
Then I tried to destroy it and it errored out again. I really hope nifty didn't just screw up my project. Can anyone help?
Um, this is not a real solution, but a possible workaround: if the output of the rails generate nifty:scaffold mymodel command is still in your terminal buffer, you could manually delete the files it created.
And if the output isn't available, you could do rails generate nifty:scaffold mymodel2 in order to see what files nifty:scaffold created before manually deleting the corresponding files for mymodel.
Not elegant, but it might get you over the hump.
deprecated_mass_assignment_security.rb:17:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use old one. (RuntimeError)
I tried what the message says, adding gem 'strong_parameters' to my Gemfile.
But when I do rails s I get the error above.
Update
I tried:
config.active_record.whitelist_attributes = true
in config/application.rb, also with false, but actually I don't understand that option.
attr_accessible and attr_protected have been pulled out of Rails 4 and extracted into protected_attributes. Bundle that into your app and then you should be able to use them again.
That being said, it's recommended that you use strong_parameters instead of attr_accessible these days, so eventually you'll want to migrate to that.
In your Gemfile you will notice that gem 'protected_attributes' has been hashed out.
Remove the hash.
Run bundle install.
But since protected_attributes has been deprecated and may disappear in the future, use strong_parameters as mentioned in the above post.
For more info on strong_parameters, refer to this link.
When I comment out the lines that require the Active Record and Test Unit railties in config/application.rb and do a rails generate in the project root folder, I still see tasks for the above frameworks in the list of generators.
% rails generate
...
ActiveRecord:
active_record:migration
active_record:model
...
Is this expected behavior? If not, what do I do to remove these from the list of available generators?
It doesn't make or break anything, but it's annoying!
Are the gems still in your Gemfile? That's the likely candidate.