I upgraded an app from Hashie::Mash 1.2 to 2.0 and I started to notice an incompatibil

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

I honestly don't remember. <a class="user-mention notranslate" data-hovercard-type="us

Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

Hashie::Mash doesn't play well with Rails and strong_parameters about hashie HOT 20 CLOSED

hashie commented on July 20, 2024

Hashie::Mash doesn't play well with Rails and strong_parameters

from hashie.

Comments (20)

jch commented on July 20, 2024

I didn't know about strong parameters until you brought it up here. This problem sounds specific to ActiveModel, so it makes sense to me to add a Hashie::ActiveModel module (or something simliar) that adds the additional methods. It sounds like you have a good grasp of the problem, would you be up trying to write up a pull request for this?

from hashie.

weppos commented on July 20, 2024

I'll try to have a look at it, but I'm not sure I can schedule some time immediately.

from hashie.

Maxim-Filimonov commented on July 20, 2024

@jch The problem is specific to active model but why does Mash needs to respond to key_not_in_mash? What's would be the use case for such scenario?

from hashie.

jch commented on July 20, 2024

I honestly don't remember. @mbleigh care to chime in?

from hashie.

aew commented on July 20, 2024

Any update here? This blocks upgrading active record to 4.0 in a standalone Grape app...

from hashie.

Maxim-Filimonov commented on July 20, 2024

I can do a pull request which removes hash responding to attributes not in hash. Not sure that's gonna be accepted

from hashie.

aew commented on July 20, 2024

Well, I would use your pull!

from hashie.

Maxim-Filimonov commented on July 20, 2024

Pull request is done. Checked - it works with rails 4 without forbidden attributes error:

# With rubygems version
2.0.0-p0 :001 > settings = {:username => 'Jonh', password: 'Bond' }
 => {:username=>"Jonh", :password=>"Bond"}
2.0.0-p0 :002 > m = Hashie::Mash.new(settings)
 => #<Hashie::Mash password="Bond" username="Jonh">
2.0.0-p0 :003 > u = User.create!
   (0.1ms)  begin transaction
  SQL (2.2ms)  INSERT INTO "users" ("created_at", "updated_at") VALUES (?, ?)  [["created_at", Sun, 21 Jul 2013 05:58:37 UTC +00:00], ["updated_at", Sun, 21 Jul 2013 05:58:37 UTC +00:00]]
   (2.3ms)  commit transaction
 => #<User id: 1, username: nil, password: nil, created_at: "2013-07-21 05:58:37", updated_at: "2013-07-21 05:58:37">
2.0.0-p0 :004 > u.update_attributes(m)
   (0.1ms)  begin transaction
   (0.1ms)  rollback transaction
ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError

# With pull request 
2.0.0-p0 :001 > u = User.first
  User Load (0.3ms)  SELECT "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT 1
 => #<User id: 1, username: nil, password: nil, created_at: "2013-07-21 05:58:37", updated_at: "2013-07-21 05:58:37">
2.0.0-p0 :002 > settings = {:username => 'Jonh', password: 'Bond' }
 => {:username=>"Jonh", :password=>"Bond"}
2.0.0-p0 :003 > m = Hashie::Mash.new(settings)
 => #<Hashie::Mash password="Bond" username="Jonh">
2.0.0-p0 :004 > u.update_attributes(m)
   (0.2ms)  begin transaction
  SQL (5.3ms)  UPDATE "users" SET "username" = ?, "password" = ?, "updated_at" = ? WHERE "users"."id" = 1  [["username", "Jonh"], ["password", "Bond"], ["updated_at", Sun, 21 Jul 2013 06:00:29 UTC +00:00]]
   (2.6ms)  commit transaction
 => true
2.0.0-p0 :005 > u.reload
  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 1]]
 => #<User id: 1, username: "Jonh", password: "Bond", created_at: "2013-07-21 05:58:37", updated_at: "2013-07-21 06:00:29">

As suggested in ruby-grape/grape#404 proper support for forbidden attributes would be good as a separate gem.

from hashie.

hasghari commented on July 20, 2024

I noticed this issue as well. The quick solution for me was to call to_hash on the Hashie::Mash instance so it's not responding to permitted? anymore.

# Mash 2.x
record.attributes = settings.attributes.to_hash

from hashie.

Maxim-Filimonov commented on July 20, 2024

Thanks @hasghari, sounds like a good workaround but it feels a bit hacky to me to do it everywhere.
@jch, @mbleigh any chance of getting feedback on the proposed change?

from hashie.

jch commented on July 20, 2024

@Maxim-Filimonov sorry, don't know commit access anymore.

from hashie.

jeveloper commented on July 20, 2024

Guys, i appreciate all the work Intridea is doing , but this still isn't working out the of the box and Rails 4 won't work with strong parameters properly

please fix it :)
thank you

from hashie.

rxx commented on July 20, 2024

I fixed this on #125

from hashie.

Maxim-Filimonov commented on July 20, 2024

@mli-max this works for me, hope yours get merged..

from hashie.

lynxnathan commented on July 20, 2024

@intridea any plans on merging this?

from hashie.

pruett commented on July 20, 2024

@intridea any thoughts on merging in @mli-max's PR?

from hashie.

mogetutu commented on July 20, 2024

@intridea ping!

from hashie.

jorge-d commented on July 20, 2024

+1 !

from hashie.

dblock commented on July 20, 2024

I'm taking over Hashie. Fixed in #104.

from hashie.

dblock commented on July 20, 2024

The change in #104 solved this problem but introduced inconsistent behavior into a pure Mash, just for Rails. I am reverting #104 because of #146 and adding an ActiveModel extension, please take a look at #147, add your comments and suggestions.

from hashie.

Hashie::Mash doesn't play well with Rails and strong_parameters about hashie HOT 20 CLOSED

Comments (20)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs