Commit
Fix mass-assignment sanitization breaking in ActiveRecord 3.0.0 beta5+ [#55 state:resolved]
Showing 2 changed files with 9 additions and 3 deletions.
1e5e04b
Now that Rails 3 RC is out, it would be awesome to have this fix released!
1e5e04b
+1 :)
1e5e04b
I agree! :)
1e5e04b
Why not `if defined?(sanitize_for_mass_assignment)`?
1e5e04b
I originally did so.
http://github.com/amatsuda/state_machine/commit/649de25471a2f28f3567b7e6154185237d8f8a27
1e5e04b
Indeed, I'll have a new release out soon enough :)
With regard to using feature-checking vs. version-checking, I think there are fair arguments for both ways. I've decided to use version-checking in this instance for a few reasons:
I understand arguments against this, but for now, I think this is the solution worth moving forward with.
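Added example (not part of this thread and not state_machine's code): the two checks debated above, applied to choosing a mass-assignment sanitizer and failing closed when the chosen one is absent. The stand-in classes, the `MassAssignmentCompat` module and the cut-over version are assumptions made for illustration.

```ruby
require "rubygems" # Gem::Version, for comparing prerelease version strings

PROTECTED = %w[state].freeze # constructed list of protected attributes

# Constructed stand-ins, not ActiveRecord: each exposes one sanitizer name.
class LegacyModel
  private
  def remove_attributes_protected_from_mass_assignment(attrs)
    attrs.reject { |key, _| PROTECTED.include?(key.to_s) }
  end
end

class CurrentModel
  protected
  def sanitize_for_mass_assignment(attrs)
    attrs.reject { |key, _| PROTECTED.include?(key.to_s) }
  end
end

module MassAssignmentCompat
  class SanitizerMissing < StandardError; end

  NEW_NAME = :sanitize_for_mass_assignment
  OLD_NAME = :remove_attributes_protected_from_mass_assignment
  CUTOVER  = Gem::Version.new("3.0.0.beta5") # assumed from the commit title

  # Feature check: ask the object which sanitizer it has (private ones too).
  def self.by_feature(model)
    [NEW_NAME, OLD_NAME].find { |name| model.respond_to?(name, true) } ||
      raise(SanitizerMissing, "no mass-assignment sanitizer on #{model.class}")
  end

  # Version check: trust the library's reported version string.
  def self.by_version(version)
    Gem::Version.new(version) >= CUTOVER ? NEW_NAME : OLD_NAME
  end

  # Fail closed: never hand back unfiltered attributes when the chosen
  # sanitizer is absent.
  def self.filter(model, attrs, name)
    unless model.respond_to?(name, true)
      raise SanitizerMissing, "#{model.class} lacks #{name}"
    end
    model.send(name, attrs)
  end
end
```

Whichever check is used, the point that matters for security is the last method: a wrong guess raises instead of letting protected attributes through unfiltered.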
1e5e04b
Or you leave a Rails 2.x-compatible branch and drop compatibility in the master branch (like devise does)
1e5e04b
That doesn't work well here given that there's support for several versions of several libraries. The only alternative I would consider is making every integration a separate library (e.g. state_machine-activerecord, state_machine-datamapper, etc.). This would allow the ability to manage different branches / versions for that particular ORM.
However, there's a particular amount of complexity involved in this that I'm not sure is worth it. Instead, I think we could simply see state_machine drop support for certain versions of libraries, but that won't be happening anytime soon.
If this is something other folks would like to debate further, I'd encourage you to discuss it on the mailing list rather than here.
1e5e04b
In case anyone doesn't know, the mailing lists are here:
http://groups.google.com/group/pluginaweek-talk
http://groups.google.com/group/pluginaweek-core
1e5e04b
Thanks for this fix, is release imminent or shall I bundle this ref?
1e5e04b
@Orbie
I realized you're deeply considering the "feature-checking vs. version-checking problem". Thanks for sharing your thought about that.
Unless Nobu objects to your opinion, I'll respect your decision for that since it seems rational to me.
(For any one of you not noticing who Nobu is, he is always our guide, he knows everything about Ruby, and he (and another famous guy) is "THE RUBY" http://dame.dyndns.org/misc/ruby-commit-ranking/ranking.png )
1e5e04b
@keeran I plan to release within the next week. I have other issues with other integrations that need to get resolved first... and I'm a bit busy with other things right now :)
For what it's worth, I've also been considering a cleaner way of handling various library versions within state_machine. However, this refactor will not happen for another week or two. Stay tuned!