Comments (20)
I didn't know about strong parameters until you brought it up here. This problem sounds specific to ActiveModel
, so it makes sense to me to add a Hashie::ActiveModel
module (or something simliar) that adds the additional methods. It sounds like you have a good grasp of the problem, would you be up trying to write up a pull request for this?
from hashie.
I'll try to have a look at it, but I'm not sure I can schedule some time immediately.
from hashie.
@jch The problem is specific to active model but why does Mash needs to respond to key_not_in_mash? What's would be the use case for such scenario?
from hashie.
I honestly don't remember. @mbleigh care to chime in?
from hashie.
Any update here? This blocks upgrading active record to 4.0 in a standalone Grape app...
from hashie.
I can do a pull request which removes hash responding to attributes not in hash. Not sure that's gonna be accepted
from hashie.
Well, I would use your pull!
from hashie.
Pull request is done. Checked - it works with rails 4 without forbidden attributes error:
# With rubygems version
2.0.0-p0 :001 > settings = {:username => 'Jonh', password: 'Bond' }
=> {:username=>"Jonh", :password=>"Bond"}
2.0.0-p0 :002 > m = Hashie::Mash.new(settings)
=> #<Hashie::Mash password="Bond" username="Jonh">
2.0.0-p0 :003 > u = User.create!
(0.1ms) begin transaction
SQL (2.2ms) INSERT INTO "users" ("created_at", "updated_at") VALUES (?, ?) [["created_at", Sun, 21 Jul 2013 05:58:37 UTC +00:00], ["updated_at", Sun, 21 Jul 2013 05:58:37 UTC +00:00]]
(2.3ms) commit transaction
=> #<User id: 1, username: nil, password: nil, created_at: "2013-07-21 05:58:37", updated_at: "2013-07-21 05:58:37">
2.0.0-p0 :004 > u.update_attributes(m)
(0.1ms) begin transaction
(0.1ms) rollback transaction
ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError
# With pull request
2.0.0-p0 :001 > u = User.first
User Load (0.3ms) SELECT "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT 1
=> #<User id: 1, username: nil, password: nil, created_at: "2013-07-21 05:58:37", updated_at: "2013-07-21 05:58:37">
2.0.0-p0 :002 > settings = {:username => 'Jonh', password: 'Bond' }
=> {:username=>"Jonh", :password=>"Bond"}
2.0.0-p0 :003 > m = Hashie::Mash.new(settings)
=> #<Hashie::Mash password="Bond" username="Jonh">
2.0.0-p0 :004 > u.update_attributes(m)
(0.2ms) begin transaction
SQL (5.3ms) UPDATE "users" SET "username" = ?, "password" = ?, "updated_at" = ? WHERE "users"."id" = 1 [["username", "Jonh"], ["password", "Bond"], ["updated_at", Sun, 21 Jul 2013 06:00:29 UTC +00:00]]
(2.6ms) commit transaction
=> true
2.0.0-p0 :005 > u.reload
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
=> #<User id: 1, username: "Jonh", password: "Bond", created_at: "2013-07-21 05:58:37", updated_at: "2013-07-21 06:00:29">
As suggested in ruby-grape/grape#404 proper support for forbidden attributes would be good as a separate gem.
from hashie.
I noticed this issue as well. The quick solution for me was to call to_hash
on the Hashie::Mash
instance so it's not responding to permitted?
anymore.
# Mash 2.x
record.attributes = settings.attributes.to_hash
from hashie.
Thanks @hasghari, sounds like a good workaround but it feels a bit hacky to me to do it everywhere.
@jch, @mbleigh any chance of getting feedback on the proposed change?
from hashie.
@Maxim-Filimonov sorry, don't know commit access anymore.
from hashie.
Guys, i appreciate all the work Intridea is doing , but this still isn't working out the of the box and Rails 4 won't work with strong parameters properly
please fix it :)
thank you
from hashie.
I fixed this on #125
from hashie.
@mli-max this works for me, hope yours get merged..
from hashie.
@intridea any plans on merging this?
from hashie.
@intridea any thoughts on merging in @mli-max's PR?
from hashie.
@intridea ping!
from hashie.
+1 !
from hashie.
I'm taking over Hashie. Fixed in #104.
from hashie.
The change in #104 solved this problem but introduced inconsistent behavior into a pure Mash, just for Rails. I am reverting #104 because of #146 and adding an ActiveModel extension, please take a look at #147, add your comments and suggestions.
from hashie.
Related Issues (20)
- Problem flattening multiple nested properties via Trash HOT 3
- Release v. next HOT 2
- Integer key upsets Hashie::Mash with SymbolizeKeys extension HOT 16
- Slice doesn't work using symbols HOT 5
- I got in dev a failing test from master, how to properly setup? HOT 5
- RFC: Switch to Github Actions for CI HOT 3
- Multiple Trash properties that use the same key from a source hash HOT 3
- Undefined quiet method HOT 4
- New Release? HOT 3
- Behavior change in accessing Mash values in 5.0 release HOT 5
- [Informative] `deep_symbolize_keys` broken in Rails 7 with `Mash` HOT 7
- [Question] Why use :to_sym in Hashie::Mash#convert_key HOT 1
- Release version 5 HOT 1
- Memory leak possible HOT 5
- DeepMerge changes ActiveRecord instance HOT 2
- Trash warning when translating string to symbol
- Mash.load is insecure HOT 5
- Including MethodAccessWithOverride in Hashie::Mash breaks dup method
- PredefinedValues is undefined ... :( HOT 1
- Can't call to_hash with nested `Sequel::Postgres::JSONBHash` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hashie.