rails / protected_attributes

Protect attributes from mass-assignment in ActiveRecord models.

No warnings for specified attributes that were filtered for mass-assignment reasons in first_or_create and first_or_initialize

prusswan opened this issue

MyModel.first_or_create(attributes_hash) returns an instance with all nil values. This also breaks idioms like Team.where(name: 'Justice League').first_or_create({additional_params_hash})

Tested on Rails 4.0.1 with protected_attributes 1.0.5

Could you provide an example application reproducing this issue?

@rafaelfranca

I think I figured out what was happening: strong_parameters is activated by default (since this is a Rails 4 app), while protected_attributes was also used by something else for compatibility with attr_accessible etc. In such a situation, use of first_or_create and first_or_initialize on a model with attributes that should be specified for mass-assignment but were not, leads to unexpected results (silent failures for one) depending on how the model validations are set up.

In the case of Team.where(name: 'Justice League').first_or_create({additional_params_hash}): if any of the attributes in additional_params_hash are disallowed for mass-assignment but are not required to be present in the model validations, the statement will execute without errors or warnings, creating an instance of Team with name: 'Justice League' with the other specified attributes set to nil. I'm not sure if this is necessarily an issue with protected_attributes, but I would find this behavior unexpected.

PS: this might be related to #16

Upon further investigation, I discovered rails/rails#9894 which suggests a soft-deprecation of first_or_create and first_or_initialize, which are producing erratic results even without protected_attributes in some cases. In light of this I will close this issue.
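The silent-drop behaviour discussed in this thread, as an added example that is not part of the original issue and is not code from Rails or protected_attributes. It is a plain-Ruby stand-in: `Team`, `ACCESSIBLE`, `assign`, `first_or_create`, `dropped_attributes` and `MassAssignmentError` are hypothetical names, and the in-memory `STORE` replaces the database. It shows the filtered attribute ending up nil on a record that still passes validation, next to two defensive options: a strict mode that raises, and a caller-side check of what was actually assigned.

```ruby
# Simplified model of whitelist-based mass-assignment filtering (assumed names).
class MassAssignmentError < StandardError; end

class Team
  ATTRIBUTES = %i[name city leader].freeze
  ACCESSIBLE = %i[city].freeze   # whitelist, in the spirit of attr_accessible
  STORE = []                     # in-memory stand-in for the teams table
  attr_accessor(*ATTRIBUTES)

  # strict: false drops non-whitelisted keys silently; strict: true raises.
  def assign(attrs, strict: false)
    rejected = attrs.keys - ACCESSIBLE
    if strict && rejected.any?
      raise MassAssignmentError, "filtered: #{rejected.join(', ')}"
    end
    attrs.each { |k, v| public_send("#{k}=", v) if ACCESSIBLE.include?(k) }
    self
  end

  # Only name is validated, so nil city/leader never fails validation.
  def valid?
    !name.to_s.empty?
  end

  # Stand-in for where(conditions).first_or_create(extra).
  def self.first_or_create(conditions, extra = {}, strict: false)
    found = STORE.find { |t| conditions.all? { |k, v| t.public_send(k) == v } }
    return found if found
    team = new
    conditions.each { |k, v| team.public_send("#{k}=", v) } # scope values set directly
    team.assign(extra, strict: strict)
    STORE << team if team.valid?
    team
  end
end

# Caller-side check: requested attributes that did not land on the record.
def dropped_attributes(record, requested)
  requested.reject { |k, v| record.public_send(k) == v }.keys
end

if __FILE__ == $PROGRAM_NAME
  extra = { city: 'Metropolis', leader: 'Superman' } # constructed sample input
  team = Team.first_or_create({ name: 'Justice League' }, extra)
  puts "leader=#{team.leader.inspect} valid=#{team.valid?}"
  puts "dropped: #{dropped_attributes(team, extra).inspect}"
end
```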