Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Compact array of values added to PermissionSet instance #6668

merged 1 commit into from

3 participants


It is necessary to compact arrays with nil values.

For example, if we enforce

  config.active_record.whitelist_attributes = true

on_load hook will call attr_accessible(nil) on ActiveRecord
and it appears that ActiveRecord class attribute _accessible_attributes now is set to

{ :default => #<ActiveModel::MassAssignmentSecurity::WhiteList: {""}> }


And when we try to set attr_accessible on any other model, for example

  class User < ActiveRecord
    attr_accessible :admin

and call accessible_attributes, we can get a blank value together with 'admin'

  User.accessible_attributes = ["", "admin"]
@drogus drogus merged commit 41d6371 into rails:master

Hi drogus, thanx for merging. Is it possible to merge it into current stable 3.2 ?


Frankly I'm not sure. It's fine for me, but technically speaking it changes a behavior of accessible_attributes. Probably no one relies on the fact that it returns blank string as one of the results, so it should be safe, but I would like to get feedback.

/cc @tenderlove @josevalim


I rely in this behavior, but only for tests propose. It is fine to me, but I'm afraid to add another regression to the 3-2-stable branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
2  activemodel/lib/active_model/mass_assignment_security/permission_set.rb
@@ -5,7 +5,7 @@ module MassAssignmentSecurity
class PermissionSet < Set
def +(values)
- super(
+ super(
def include?(key)
6 activemodel/test/cases/mass_assignment_security/permission_set_test.rb
@@ -13,6 +13,12 @@ def setup
assert new_list.include?('admin'), "did not add collection to #{@permission_list.inspect}}"
+ test "+ compacts added collection values" do
+ added_collection = [ nil ]
+ new_list = @permission_list + added_collection
+ assert_equal new_list, @permission_list, "did not add collection to #{@permission_list.inspect}}"
+ end
test "include? normalizes multi-parameter keys" do
multi_param_key = 'admin(1)'
new_list = @permission_list += [ 'admin' ]
Something went wrong with that request. Please try again.