2

I constructed an object based on parameters and passed it into the update_attributes method, within my controller's update method. The object had one attribute (xyz) that was not listed as part of attr_accessible list in the model. Rails skipped updating the attribute in question and generated a warning that mass-assignment of attribute xyz failed.

I would like to make sure that update_attributes fails if this kind of situation occurs instead of just getting a warning. Is there a config setting or an option that can be passed in to the update_attributes call to make this happen?

4

2 回答 2

4

You can change the config to use a sanitizer that will raise an exception:

config.active_record.mass_assignment_sanitizer = :strict

Edit: This is available since 3.2. Your question is tagged with rails 3.1, so it won't work. You can upgrade to 3.2, or take a look at this SO question on how to patch the sanitizer.

于 2012-08-03T22:09:52.353 回答
2

Set your own mass_assignment_sanitizer using mass_assignment_sanitizer= and you probably want to look at active_model/mass_assignment_security/sanitizer.rb for examples and active_model/mass_assignment_security.rb for how to set up your own Sanitizer that will fail.

于 2012-08-03T21:58:42.330 回答