Don't check attr_protected attrs if we use strong_params #42

wants to merge 2 commits into


None yet

2 participants


Skip using the MassAssignmentSecurity::sanitize_for_mass_assignment if we use the strong_params.

The problem was

class User < AR:Base
  def custom_name=(val) #There are no attribute with custom_name

And I need always use without_protection option for the assignment_attributes or attr_accessible, even when use permitted attributes. I think it is not corrected, when I have already permitted this attribute.


I had a similar problem, and believe the bug is the method arguments to sanitize_for_mass_assignment in strong_parameters. See #50 for a patch.



@miry miry closed this Aug 3, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment