assign_attributes called instead of update_attributes #13

newspeedway opened this Issue · 4 comments

3 participants

New Speedway Tech (Probably Nick) Kristian Mandrup Leszek
New Speedway Tech (Probably Nick)


Essentially this change means that you cannot edit a user without inputting the password (or if you forget to put in the password it errors out).

I'm not comfortable enough with Devise to suggest a fix. I deleted self.assign_attributes(params, *options) in devise /lib/devise/models/database_authenticatable.rb as a band-aid.

Kristian Mandrup

Sorry, no idea. I haven't used MongoMapper for about 2 years now. Also haven't followed devise internals since I created this gem. Feel free to patch it as you see fit or do whatever hacks u find necessary :)


Not sure if this is the right place to fix this. This bug occurs because MongoMapper::Document instances don't respond to #assign_attributes used by Devise. In my opinion fixing this should be done in the orm_adapter gem or even in mongo_mapper (AR instances respond to this method).

Kristian Mandrup

Yes, should be added to mongo_mapper or orm_adapter IMO. Cheers!

Kristian Mandrup - deprecated since 3.1

Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.

To bypass mass-assignment security you can use the :without_protection => true option.

attr_accessible allows you to specify a whitelist of keys that can be set when using mass-assignment.
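
The whitelist behaviour quoted above, as an added plain-Ruby example that is not part of the original thread and is not Devise, MongoMapper or Rails code. `WhitelistedAssignment`, `User` and `demo_params` are hypothetical names, and the request parameters are constructed; it shows which keys a role-scoped `assign_attributes` drops and what `:without_protection` lets through.

```ruby
# Added illustration in plain Ruby. WhitelistedAssignment, User and
# demo_params are hypothetical; this is not Devise, MongoMapper or Rails code.
module WhitelistedAssignment
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Register the keys that mass-assignment may set for one role.
    def attr_accessible(*names, as: :default)
      accessible_attributes[as].concat(names.map(&:to_s))
    end

    # Role => list of permitted attribute names; unknown roles permit nothing.
    def accessible_attributes
      @accessible_attributes ||= Hash.new { |h, role| h[role] = [] }
    end
  end

  # Sets only whitelisted keys for the given role and returns the rejected
  # key names so the caller can log or alert on them.
  def assign_attributes(attrs, as: :default, without_protection: false)
    allowed = self.class.accessible_attributes[as]
    rejected = []
    attrs.each do |key, value|
      key = key.to_s
      if without_protection || allowed.include?(key)
        public_send("#{key}=", value)
      else
        rejected << key
      end
    end
    rejected
  end
end

class User
  include WhitelistedAssignment
  attr_accessor :name, :email, :is_admin
  attr_accessible :name, :email
  attr_accessible :name, :email, :is_admin, as: :admin
end

# Constructed request parameters: a profile edit carrying an extra key.
def demo_params
  { "name" => "Nick", "email" => "nick@example.test", "is_admin" => true }
end
```

Passing `without_protection: true` with request-derived parameters sets every key the request supplies, so in this sketch it is only appropriate for hashes built by trusted code.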

