Remove protected_attributes gem

Use strong parameters to manage whitelisting, Rails 4-style.

Gemfile

@@ -34,7 +34,6 @@ gem 'omniauth'
 gem 'omniauth-evernote'
 gem 'paper_trail', github: 'airblade/paper_trail', branch: 'master'
 gem 'pjax_rails'
-gem 'protected_attributes' # TEMPORARY: This is to enable Rails 4 upgrade
 gem 'rails-timeago'
 gem 'safe_yaml'
 gem 'sass-rails'

Gemfile.lock

@@ -261,8 +261,6 @@ GEM
       jquery-rails
     polyglot (0.3.3)
     powerpack (0.0.6)
-    protected_attributes (1.0.3)
-      activemodel (>= 4.0.0, < 5.0)
     pry (0.9.12.2)
       coderay (~> 1.0.5)
       method_source (~> 0.8)
@@ -443,7 +441,6 @@ DEPENDENCIES
   paper_trail!
   pg
   pjax_rails
-  protected_attributes
   rails (= 4.0.0)
   rails-timeago
   rails_best_practices

app/controllers/books_controller.rb

@@ -68,7 +68,7 @@ def update
     add_breadcrumb I18n.t('books.admin.title_short'), books_admin_path
     add_breadcrumb "ISBN #{ @book.isbn }", edit_book_path(params[:id])
 
-    if @book.update_attributes(params[:book])
+    if @book.update_attributes(book_params)
       flash[:success] = I18n.t('books.edit.success', title: @book.title)
       redirect_to books_admin_path
     else
@@ -77,4 +77,13 @@ def update
     end
   end
 
+  private
+
+  def book_params
+    params.require(:book).permit(:attempts, :author, :dewey_decimal, :dimensions, :dirty, :editor, :format,
+                                 :full_text_url, :google_books_id, :introducer, :isbn_10, :isbn_13, :lang, :lcc_number,
+                                 :library_thing_id, :notes, :open_library_id, :page_count, :pages, :published_city, 
+                                 :published_date, :publisher, :tag, :title, :translator, :weight)
+  end
+
 end

app/controllers/links_controller.rb

@@ -58,12 +58,21 @@ def update
     add_breadcrumb I18n.t('links.admin.title_short'), links_admin_path
     add_breadcrumb @link.channel, edit_link_path(params[:id])
 
-    if @link.update_attributes(params[:link])
+    if @link.update_attributes(link_params)
       flash[:success] = I18n.t('links.edit.success', channel: @link.channel)
       redirect_to links_admin_path
     else
       flash[:error] = I18n.t('links.edit.failure')
       render :edit
     end
   end
+
+  private
+
+  def link_params
+    params.require(:link).permit(:altitude, :attempts, :author, :canonical_url, :channel, :dirty, :domain, :error, 
+                                 :lang, :latitude, :longitude, :modified, :name, :paywall, :protocol, :publisher, 
+                                 :title, :url, :website_name) 
+  end
+
 end

app/models/book.rb

@@ -4,11 +4,6 @@ class Book < ActiveRecord::Base
 
   include Syncable
 
-  attr_accessible :title, :author, :editor, :introducer, :translator, :lang, :published_date, :published_city, :pages,
-                  :isbn_10, :isbn_13, :page_count, :google_books_id, :publisher, :library_thing_id, :open_library_id,
-                  :tag, :dirty, :attempts, :notes, :format, :dimensions, :weight, :dewey_decimal, :lcc_number,
-                  :full_text_url
-
   has_and_belongs_to_many :notes
 
   default_scope { order('tag') }

app/models/evernote_note.rb

@@ -5,8 +5,6 @@ class EvernoteNote < ActiveRecord::Base
   include Evernotable
   include Syncable
 
-  attr_accessible :cloud_note_identifier, :evernote_auth_id, :note_id, :dirty, :attempts, :content_hash, :update_sequence_number
-
   # REVIEW: , dependent: :destroy (causes Stack Level Too Deep.
   #  See: http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html ("Options" ... ":dependent") )
   belongs_to :note 

app/models/link.rb

@@ -4,10 +4,6 @@ class Link < ActiveRecord::Base
 
   include Syncable
 
-  attr_accessible :protocol, :channel, :domain, :url_or_canonical_url, :name, :title, :website_name, :author, :lang,
-                  :modified, :url, :canonical_url, :error, :paywall, :publisher, :dirty, :attempts, :longitude, 
-                  :latitude, :altitude
-
   has_and_belongs_to_many :notes
 
   default_scope { order('channel') }

app/models/note.rb

@@ -4,10 +4,6 @@ class Note < ActiveRecord::Base
 
   include Syncable
 
-  attr_accessible :title, :body, :external_updated_at, :resources, :latitude, :longitude, :lang, :author,
-                  :last_edited_by, :source, :source_application, :source_url, :sources, :tag_list, :instruction_list,
-                  :hide, :active, :is_citation, :listable
-
   attr_writer :tag_list, :instruction_list
 
   has_many :evernote_notes, dependent: :destroy

app/models/resource.rb

@@ -5,11 +5,6 @@ class Resource < ActiveRecord::Base
   include Evernotable
   include Syncable
 
-  attr_accessible :note_id, :cloud_resource_identifier, :mime, :width, :height, :caption, :description, :credit, 
-  :source_url, :external_updated_at, :latitude, :longitude, :altitude, :camera_make, :camera_model, :file_name, 
-  :local_file_name, :attachment, :data_hash, :dirty, :attempts,
-  :raw_location, :template_location, :cut_location, :blank_location
-
   belongs_to :note
 
   scope :attached_images, -> { where("mime LIKE 'image%'").where(attachment: nil) }

app/models/user.rb

@@ -4,8 +4,4 @@ class User < ActiveRecord::Base
   # :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-  # attr_accessible :title, :body
 end

config/application.rb

@@ -39,12 +39,6 @@ class Application < Rails::Application
     # like if you have constraints or database-specific column types
     # config.active_record.schema_format = :sql
 
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
-    # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
-
     # Enable the asset pipeline
     config.assets.enabled = true
 

config/environments/development.rb

@@ -20,9 +20,6 @@
   # Only use best-standards-support built into browsers
   config.action_dispatch.best_standards_support = :builtin
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
-
   # Do not compress assets
   config.assets.compress = false
 

config/environments/test.rb

@@ -33,9 +33,6 @@
     host: Settings.host
   }
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
-
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
 

config/initializers/acts_as_taggable_on.rb

@@ -13,15 +13,3 @@ def to_param
 	extend FriendlyId
 		friendly_id :name, use: :slugged
 end
-
-# TEMPORARY: for Rails 4 compatibility, when we remove attribute accessor gem, we can remove this
-#  https://github.com/mbleigh/acts-as-taggable-on/issues/389
-module ActsAsTaggableOn
-  class Tag
-    attr_accessible :name
-  end
-
-  class Tagging
-    attr_accessible :tag_id, :context, :taggable
-  end
-end

config/initializers/paper_trail.rb

@@ -1,6 +1,5 @@
 module PaperTrail
   class Version < ActiveRecord::Base
-    attr_accessible :sequence, :word_count, :tag_list, :instruction_list, :event, :whodunnit, :object
     serialize :tag_list
     serialize :instruction_list
   end

spec/models/evernote_auth_spec.rb

@@ -10,8 +10,5 @@
 
   it { should be_valid }
   it { should respond_to(:auth) }
-
-  it { should_not allow_mass_assignment_of(:auth) }
-
   it { should have_many(:evernote_notes) }
 end