Skip to content


Subversion checkout URL

You can clone with
Download ZIP


assign_attributes called instead of update_attributes #13

newspeedway opened this Issue · 6 comments

4 participants



Essentially this change means that you cannot edit a user without inputting the password (or if you forget to put in the password it errors out).

I'm not comfortable enough with Devise to suggest a fix. I deleted self.assign_attributes(params, *options) in devise /lib/devise/models/database_authenticatable.rb as a band-aid


Sorry, no idea. I haven't used MongoMapper for about 2 years now. Also haven't followed devise internals since I created this gem. Feel free to patch it as you see fix or do whatever hacks u find necessary :)


Not sure if this is right place to fix this. Such bug occurs because MongoMapper::Document instances don't respond to #assign_attributes used by Devise. In my opinion fixing this should be done in orm_adapter gem or even in mongo_mapper (AR instances responds to this method)


Yes, should be added to mongo_mapper or orm_adapter IMO. Cheers!

@kristianmandrup - deprecated since 3.1

Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.

To bypass mass-assignment security you can use the :without_protection => true option

attr_accessible allows you to specify a whitelist of keys that can be set when using mass-assignment.



Anyone using this, feel free to fix and submit a pull request or even take over maintenance of this project...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.