You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The assign_attributes call is not supposed to persist any changes to the database (yet), but because the team_ids association is stored on a join model, they're persisted immediately upon assignment.
Unfortunately, it's not ready for a PR just yet, because the refactoring offloads some of the work to Devise (Authenticatable / ParameterFilter), and I discovered a bug there in the process. I'll create a PR for this issue once (if) that bugfix is merged into the next release of Devise.
The text was updated successfully, but these errors were encountered:
rlue
changed the title
::invite! modifies (associations on) existing users
::invite! modifies existing users
Mar 8, 2018
Summary
In some cases,
User.invite!
can alter DB records for the associations of existing (registered) users.Description
In my app, for instance, a
User has_many :teams, through: :user_teams
. When inviting a new user, you can specify which teams they belong to:Currently, you can reassign these associations on an existing user through the
::invite!
method:Here's the relevant portion of the server logs:
Cause
This problem occurs because of the following two lines in the
::_invite
method:The
assign_attributes
call is not supposed to persist any changes to the database (yet), but because theteam_ids
association is stored on a join model, they're persisted immediately upon assignment.Solution
I've prepared some changes in my own fork (I've also refactored the
::_invite
method and given some methods more precise names, IMO).Unfortunately, it's not ready for a PR just yet, because the refactoring offloads some of the work to Devise (
Authenticatable
/ParameterFilter
), and I discovered a bug there in the process. I'll create a PR for this issue once (if) that bugfix is merged into the next release of Devise.The text was updated successfully, but these errors were encountered: