assign_attributes called instead of update_attributes #13

newspeedway opened this Issue Aug 16, 2012 · 6 comments

4 participants



Essentially this change means that you cannot edit a user without inputting the password (or if you forget to put in the password it errors out).

I'm not comfortable enough with Devise to suggest a fix. I deleted self.assign_attributes(params, *options) in devise /lib/devise/models/database_authenticatable.rb as a band-aid


Sorry, no idea. I haven't used MongoMapper for about 2 years now. Also haven't followed devise internals since I created this gem. Feel free to patch it as you see fix or do whatever hacks u find necessary :)


Not sure if this is right place to fix this. Such bug occurs because MongoMapper::Document instances don't respond to #assign_attributes used by Devise. In my opinion fixing this should be done in orm_adapter gem or even in mongo_mapper (AR instances responds to this method)


Yes, should be added to mongo_mapper or orm_adapter IMO. Cheers!

@kristianmandrup - deprecated since 3.1

Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.

To bypass mass-assignment security you can use the :without_protection => true option

attr_accessible allows you to specify a whitelist of keys that can be set when using mass-assignment.



Anyone using this, feel free to fix and submit a pull request or even take over maintenance of this project...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment