How to fix the Rails mass assignment issue? - ruby-on-rails

After the big news yesterday, I've been trying to find a solid article about how to fix this issue with regard to different versions of Rails, and I'm unable to do so.
The best resource that I have found so far is https://gist.github.com/1978249#file_securing_rails_updates.md, but it only provides one solution: adding ActiveRecord::Base.send(:attr_accessible, nil) to the initializer. This is also the solution presented here at http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment at a much earlier time.
However, at the same time, I remember seeing elsewhere that just turning on the configuration config.active_record.whitelist_attributes = true should suffice.
I am thoroughly confused. From all these different resources, I need to decide between two solutions that don't have any reference to which versions of Rails they apply to.
Perhaps I missed a generic article on the fix after the incident, but I have not found a single article on the Rails blog that shows this. I was not able to find it elsewhere; could someone please enlighten me on this. Thanks!

I found this in the gist https://gist.github.com/1978249
Add the following initializer:
config/initializers/disable_mass_assignment.rb
ActiveRecord::Base.send(:attr_accessible, nil)
Looks like a temporary fix to me until Rails core comes up with something better!
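To make the two fixes under discussion concrete, here is an added example that is not from the gist, from the answer, or from Rails itself: a small pure-Ruby stand-in for ActiveRecord's attr_accessible whitelist, so the privilege escalation and both fixes can be run without a Rails app. The Model class, MassAssignmentError, the strict: flag and the ATTACKER_PARAMS hash are constructed for this illustration and are not ActiveRecord's API. The real-app equivalents they imitate are attr_accessible :name, :email in the model (Rails 2 and 3), ActiveRecord::Base.send(:attr_accessible, nil) in an initializer (an empty whitelist on every model, Rails 2.x and 3.x), config.active_record.whitelist_attributes = true in config/application.rb (Rails 3.1 and later, the same empty default applied through configuration), and config.active_record.mass_assignment_sanitizer = :strict (Rails 3.2 and later), which raises ActiveModel::MassAssignmentSecurity::Error instead of silently dropping the protected key.

```ruby
# Added illustration, not ActiveRecord code: reproduces the attr_accessible
# whitelist semantics the answer relies on, so the bug and the fix run offline.
class MassAssignmentError < StandardError; end

class Model
  # Per-class whitelist. nil means "no attr_accessible was declared".
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible
    @accessible
  end

  # Stands in for config.active_record.whitelist_attributes = true:
  # when set, a class that declared nothing gets an empty whitelist.
  def self.whitelist_attributes=(flag)
    @@whitelist_attributes = flag
  end
  self.whitelist_attributes = false

  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  # The mass-assignment entry point: every key in params is written unless a
  # whitelist excludes it. strict: mirrors mass_assignment_sanitizer = :strict.
  def assign_attributes(params, strict: false)
    whitelist = self.class.accessible
    whitelist = [] if whitelist.nil? && @@whitelist_attributes
    params.each do |key, value|
      key = key.to_s
      if whitelist.nil? || whitelist.include?(key)
        @attributes[key] = value
      elsif strict
        raise MassAssignmentError, "Can't mass-assign protected attribute: #{key}"
      end
      # non-strict: the key is dropped, as Rails logs and drops it
    end
    self
  end
end

# Vulnerable: no whitelist, so a request carrying admin=true escalates.
class UnprotectedUser < Model; end

# Fix 1: whitelist per model (attr_accessible in the model file).
class WhitelistedUser < Model
  attr_accessible :name, :email
end

# Fix 2: global empty default; a model that forgot attr_accessible rejects
# everything instead of accepting everything.
class LazyUser < Model; end

# Constructed request parameters an attacker could POST to a signup form.
ATTACKER_PARAMS = { "name" => "mallory", "email" => "m@example.com", "admin" => true }

def vulnerable_admin?
  UnprotectedUser.new.assign_attributes(ATTACKER_PARAMS).attributes["admin"]
end

def whitelisted_attributes
  WhitelistedUser.new.assign_attributes(ATTACKER_PARAMS).attributes
end

def strict_raises?
  WhitelistedUser.new.assign_attributes(ATTACKER_PARAMS, strict: true)
  false
rescue MassAssignmentError
  true
end

def global_whitelist_attributes
  Model.whitelist_attributes = true
  LazyUser.new.assign_attributes(ATTACKER_PARAMS).attributes
ensure
  Model.whitelist_attributes = false
end
```

Running vulnerable_admin? returns true, whitelisted_attributes returns only name and email, strict_raises? returns true, and global_whitelist_attributes returns an empty hash: with the global default on, a model that has no attr_accessible declaration accepts nothing, which is exactly the noisy failure you want during an audit of an older code base, because every model that still needs mass assignment then has to be given an explicit list.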

Related

rails with mongoid - is there an analog to .loaded?

In a Rails / MySQL app, there is a method that lets you check if an associated object has been loaded, or if referencing it will trigger a database query:
a = Author.first
a.books.loaded?
But in mongoid, there is no such method. Is there another method in mongoid that does something similar?
Thanks for any help.
The method is
_loaded?
For some reason SO demands I add more filler, even though the above is the correct answer, so here you go. Here's the opening line from The Great Gatsby, which I love:
In my younger and more vulnerable years my father gave me some advice
that I’ve been turning over in my mind ever since. “Whenever you
feel like criticizing any one,” he told me, “just remember that
all the people in this world haven’t had the advantages that you’ve had.”

Is filterrific still being worked on?

I'm trying to get a PR reviewed and it's going nowhere. I'm asking on SO to see if anybody here might know, is Filterrific still being worked on? There are a few PR's, lots of issues, and the author has yet to respond.
I am using the filterrific gem myself. I have also experienced poor response on issues, and it seems like the author is not so active himself.
Gem authors are also not obligated to give support, but if they do it's always a plus.
But to be fair, the author himself has spent a lot of time creating good documentation. At first when I was setting up the gem, I also had issues, but if you read his documentation carefully (read here), you will understand most of it.
I also recommend you take a look at his demo app source code (found here).
By looking at the code you will be able to put together your own scopes.
You can also follow all questions related to filterrific gem on SO (here)

Apotomo alternative

The information on the home page of the project I'm working on has been piling up, so now we are looking for something to create a dashboard-like interface.
That's how I found Apotomo, but I'm wondering what would be some alternatives worth looking into.
So far, I've looked through the Rails Presenters on ruby-toolbox.
Thankful for any suggestions to speed-up the development.
ActiveAdmin has a nice dashboard, might be worth checking out. Here it is on their demo and the commented code

Rails plugin to separate markup and logic, like Wicket or Effigy

I need a Rails plugin that gives you the chance to purely separate HTML and any logic in your views. Views should be classes reading the separate markup and replacing it with dynamic content where needed.
Basically Effigy from github does this.
I am looking for something like Wicket, but on the Rails base.
I can remember seeing a plugin from a Rails enterprise that does this. In my memory, it was better and seemed more mature than Effigy. But I forgot its name. It was something like "luxurious" or "delicious"; does anyone know what I am talking about? The plugin was created in a US Rails enterprise.
Any other alternatives would be much appreciated.
I feel that Effigy is almost OK, but it's hard to find tutorials or people using it properly, so I question its maturity.
Well, if nothing comes up, I will go ahead with Effigy for now.
All right guys, I think I finally found what I was talking about.
The plugin is called "Erector"
The thing that I like about it is that views are finally plain Ruby objects and you can do everything you can usually do in Ruby. I found a couple of blog posts:
https://github.com/erector/erector
You can easily see why I always liked this idea in this blog post.
I want to thank the creators for this.

Standard Rails Gem for storing what User created/updated/deleted any Record?

What's the standard/best option out there for this kind of version control? The main thing I'm looking for is to track what user edited a record.
I've seen these so far and am wondering what your take is:
PaperTrail
ActsAsAudited
VestalVersions
The plugins you mentioned all seem to take the same approach: use a separate table to store the old versions.
None of them seem to be really Rails 3-ready (looking at the generators), but PaperTrail reportedly should work with Rails 3, and has the most recent commit.
You could also look at the ruby-toolbox user-stamping and versioning categories. There you can see which project has the most "traction" and which has the most recent commits, which can sometimes help to choose between similar options.
For stamping user_ids onto rows there is the userstamp plugin
http://github.com/delynn/userstamp
EDIT:
Based on the requirement mentioned in your comment, I would recommend acts_as_audited
http://github.com/collectiveidea/acts_as_audited
We are using it successfully for a very large application.
Peer
I think PaperTrail is what you need to solve this problem.
With PaperTrail you can track and see all changes, to any model, with the user id of who made the changes.
It is currently the best maintained project of the three you linked
Hi #viatropos, I thought that these two links might prove to be helpful
http://api.rubyonrails.org/classes/ActiveRecord/Observer.html
http://www.robbyonrails.com/articles/2007/04/27/observers-big-and-small
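The answers above agree on the design all three gems share: a separate, append-only versions table, each row stamped with the user who made the change. The following is an added example written for this page, not PaperTrail, acts_as_audited or VestalVersions code, showing that design in plain Ruby so it runs without a database. The VersionStore, Article and reify names are constructed here; following PaperTrail's convention, "object" holds the record's state before the change (nil for a create) and "whodunnit" is the user id, which a real controller would set once per request (the Thread.current slot stands in for that).

```ruby
require "json"

# Added illustration of the versions-table pattern (not a gem's code).
# One row per change: what was changed, what event, who did it, and the
# serialized state the record had before the change.
Version = Struct.new(:item_type, :item_id, :event, :whodunnit, :object)

class VersionStore
  def initialize
    @rows = [] # stands in for the versions table; only ever appended to
  end

  def record(item, event, whodunnit, previous)
    @rows << Version.new(item.class.name, item.id, event, whodunnit,
                         previous && previous.to_json)
  end

  def versions_for(item)
    @rows.select { |v| v.item_type == item.class.name && v.item_id == item.id }
  end
end

# A minimal model that writes a version on create and on update. The acting
# user comes from a per-request slot the controller layer would populate.
class Article
  attr_reader :id, :attrs

  def initialize(id, store, attrs)
    @id, @store, @attrs = id, store, attrs
    @store.record(self, "create", Thread.current[:current_user_id], nil)
  end

  def update(new_attrs)
    previous = @attrs.dup
    @attrs.merge!(new_attrs)
    @store.record(self, "update", Thread.current[:current_user_id], previous)
  end
end

# Rebuild the state a record had before a given version, the way
# PaperTrail's Version#reify does; nil for the create row.
def reify(version)
  version.object && JSON.parse(version.object)
end

# Walk through a create by one user and an edit by another, and report
# (event, who, title before the change) for each stored version.
def audit_trail
  store = VersionStore.new
  Thread.current[:current_user_id] = 7   # author
  article = Article.new(1, store, "title" => "Draft")
  Thread.current[:current_user_id] = 42  # editor
  article.update("title" => "Final")
  store.versions_for(article).map do |v|
    before = reify(v)
    [v.event, v.whodunnit, before && before["title"]]
  end
ensure
  Thread.current[:current_user_id] = nil
end
```

audit_trail returns [["create", 7, nil], ["update", 42, "Draft"]]: the trail answers "who changed this record and what did it look like before" without the model itself carrying any history columns, which is why all three gems can be bolted onto existing tables.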
