deprecated_mass_assignment_security.rb:17:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use old one. (RuntimeError)
I tried what the message says, adding gem 'strong_parameters' to my Gemfile.
But when I do rails s I get the error above.
Update
I tried:
config.active_record.whitelist_attributes = true
in confgi/application.rb, also with false, but actually I don't understand that option.
attr_accessible and attr_protected have been pulled out of Rails 4 and extracted into protected_attributes. Bundle that into your app and then you should be able to use them again.
That being said, it's recommended that you use strong_parameters instead of attr_accessible these days, so eventually you'll want to migrate to that.
In your Gemfile you will notice that gem 'protected_attributes' has been hashed out.
Remove the hash.
Run bundle install.
But since protected_attributes has been deprecated and may disappear in the future use strong_parameters as mentioned in the above post.
For more info on strong_parameters refer this link.
Related
I am migrating my application from Rails4.2.8 to Rails5.2.3, updated paper-trail gem version '7.1.2' to '10.3.1'.I am using Rspec - 3.8.2. Everything worked fine but my specs are failing for models which used 'has_paper_trail' macro.
Tried looking into my codes as well as gem repo, didn't found such attribute anywhere.
Found some similar issue but it didn't helped.
https://github.com/paper-trail-gem/paper_trail/issues/455
ActiveModel::UnknownAttributeError:unknown attribute 'foreign_type' for PaperTrail::VersionAssociation.
You need to add column foreign_type into version_associations tables after upgrading gem paper_trail.
Run rails g paper_trail_association_tracking:add_foreign_type_to_version_associations and then migrate your database.
These changes were done in gem paper_trail-association_tracking which is one of the dependencies for paper_trail gem.
Ref: CHANGELOG
I am upgrading an app to 4.0 and using ruby-2.2.5. I am down to a couple of Deprecation Warnings, which appear when I run >> bundle exec rake.
One of the warnings:
DEPRECATION WARNING: Model based mass assignment security has been extracted out of Rails into a gem.
Please use the new recommended protection model for params or add `protected_attributes` to your Gemfile to use the old one.
To disable this message remove the `whitelist_attributes` option from your `config/application.rb` file
and any `mass_assignment_sanitizer` options from your `config/environments/*.rb` files.
See http://guides.rubyonrails.org/security.html#mass-assignment for more information.
I understand what this about and I have gone through all my models looking for and removing 'attr_accessible'. I have gone through all my controllers and added a method for strong_params, which I call in my 'create' and 'update' actions. We are not using 'whitelist_attributes' or any 'mass_assignment_sanitizer' options. And, all my spec tests are passing.
My Questions is, Would this warning be just a standard output or would it be from rails seeing something I am not? Ideas?
Much appreciated
Try adding gem 'protected_attributes', '~>1.1.3' at your Gemfile, some people say that gem is unnecessary on Rails 4 but it fix the Deprecation, I not sure if is the best solution: https://github.com/rails/protected_attributes
ok I'm using sorcery gem for the log in of the main engine.
And I want to use it also in the main engine but whenever I call the user model in the
mountable engine it says
undefined method `authenticates_with_sorcery!' for User:Class
When I said call it's like
#user = User.new
By the way I'm using mongoid 4.0.0 and rails 4.1
I ran into similar issues using MongoMapper. Try making sure that authenticates_with_sorcery! appears beneath any of your database-related includes. For example:
class User
include Mongoid::Document
authenticates_with_sorcery!
end
In my case, the gems order in the gemfile was apparently wrong
Not good
gem 'sorcery'
gem 'mongoid'
Works!
gem 'mongoid'
gem 'sorcery'
As far as I remember when I posted this question sorcery gem doesn't support Mongoid 4 yet so they make a new branch in the github so that for those who are using Mongoid in that time can use sorcery with mongoid 4. Well basically the solution works for me is that I need to reference that branch in my Gemfile. I don't know right now if they already publish the latest sorcery gem.
I am using client validation rails gem and I got this error. Any idea.....
wrong number of arguments (3 for 2)
Extracted source (around line #1):
<%= form_for #user, :validate => true do |f| %>
Trace of template inclusion: app/views/users/new.html.erb
Rails 4 Support
Thanks to tagliala & bcardarella, the client_side_validation gem now supports rails 4!
After adding
gem 'client_side_validations'
to my Gemfile, it didn't load everything properly.
This may be temporarily, as Rubygems only links the old version.
Instead I had to specify the exact repository & branch, since the owner changed.
gem 'client_side_validations', github: "DavyJonesLocker/client_side_validations", branch: "4-2-stable"
Based on https://github.com/bcardarella/client_side_validations/issues/494 it looks like CSV will not support Rails 4 for a little bit longer.
However it also states
I don't see CSV 4.0 coming out for at least 2 months after Rails 4.0 lands (hopefully not that long) as there will be major changes on the JavaScript side of things. Because it will take so longer and people will want a Rails 4.0 compliant version of CSV suggesting they use master branch or perhaps releasing a alpha or pre version to partially satisfy them while we update might be the correct option.
So perhaps try pulling csv right from git? There is a 4.0 beta branch that might be worth trying...
Update
The CSV gem is no longer actively maintained. There are 3 different 4.0 branches on the repository, and the most recently updated of which is 4-0-useable (https://github.com/bcardarella/client_side_validations/branches/all).
Update 2
As #TheChamp says, the CSV gem now supports rails 4.2!
If your using Rails 4 then Client Side validation is outdated. You can check here
http://railscasts.com/episodes/263-client-side-validations?view=comments
and also if you go to the github page
https://github.com/bcardarella/client_side_validations
you can see that it says its no longer maintained.
Alternatively you can try using the CSV gem from this branch, by replacing the CSV line in your Gemfile by this
gem 'client_side_validations', github: "bcardarella/client_side_validations", :branch => "4-0-beta"
Not sure even if this will work though. Since its outdated.
Or you can check this gem out,
https://github.com/kalkov/rails4_client_side_validations
Its just a modified version of Client Side Validations
Have you followed all of the instructions on the github page? If so, have you restarted your server? The install adds an initializer that wont take effect until a server restart.
I've followed the instructions here, installing the composite_primary_keys gem via
sudo gem install composite_primary_keys
That worked fine. Now when I add the following to my model
set_primary_keys :user_id, :group_id
and I get
undefined method `set_primary_keys' for #<Class:0x1043bfe20>
Also, using multiple primary keys in a migration as described here has no effect.
Any ideas why this might not be working and how to make it work?
Note: I do not want a speech on why I should not be using composite keys--I have already made up my mind and just want to get this working. Thanks!
Did you add require 'composite_primary_keys' to the bottom of your environment.rb file as described here?