Description
Hi, we have the following installation:
Ubuntu 18.04/Apache2/Passenger/Ruby 2.3.7/Redmine 3.4.6/Vault 0.3.9
If I want to remove a user from the access list I can save the result but if I go to edit the key again the old user list is shown in the access list.
In the logfile I can see:
Started PATCH "/projects/proj/keys/4" for 10.1.1.116 at 2018-09-28 14:19:22 +0200
Processing by KeysController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"***", "vault_key"=>{"name"=>"testkey", "login"=>"login", "url"=>"https://", "type"=>"Vault::Password", "body"=>"foo", "tags"=>"bar", "comment"=>""}, "commit"=>"Save", "project_id"=>"proj", "id"=>"4"}
Current user: user (id=4)
WARNING: Can't mass-assign protected attributes for Vault::Password: tags
plugins/vault/app/controllers/keys_controller.rb:102:in block in update' plugins/vault/app/controllers/keys_controller.rb:98:in
update'
lib/redmine/sudo_mode.rb:63:in `sudo_mode'