Don't check attr_protected attrs if we use strong_params #42

Closed
wants to merge 2 commits into
from

Projects

None yet

2 participants

@miry

Skip using the MassAssignmentSecurity::sanitize_for_mass_assignment if we use the strong_params.

The problem was

class User < AR:Base
  def custom_name=(val) #There are no attribute with custom_name
  end
end

And I need always use without_protection option for the assignment_attributes or attr_accessible, even when use permitted attributes. I think it is not corrected, when I have already permitted this attribute.

@lhm

I had a similar problem, and believe the bug is the method arguments to sanitize_for_mass_assignment in strong_parameters. See #50 for a patch.

@miry

outdated

@miry miry closed this Aug 3, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment