rails / protected_attributes

Protect attributes from mass-assignment in ActiveRecord models.


3rd-party lib depending on ActiveModel broken

ashchan opened this issue · comments

ActiveModel::MassAssignmentSecurity was extracted from ActiveModel into this gem. This breaks things like Mongoid which depends on ActiveModel::MassAssignmentSecurity but not ActiveRecord.

@ashchan can you send a PR to fix it?

Would it be possible to split out the ActiveModel modules into a separate gem?

As is, this gem has dependencies on ActiveRecord, ActionPack and Railties (along with their long list of dependencies) which isn't desirable for 3rd party libraries.

What do you mean by "third party" exactly? This gem is still inside the rails organization, and is only (as far as I know) intended for use with the set of gems you just listed.

On Nov 21, 2012, at 6:04 PM, Sam Pohlenz notifications@github.com wrote:

Would it be possible to split out the ActiveModel modules into a separate gem?

As is, this gem has dependencies on ActiveRecord, ActionPack and Railties (along with their long list of dependencies) which isn't desirable for 3rd party libraries.



@indirect I'm mainly referring to alternative ORMs such as Mongoid and MongoModel (my own library), which depend on ActiveModel to avoid reimplementing common functionality.

With MassAssignmentSecurity deprecated/removed in ActiveModel 4, if we want to continue supporting attr_accessible/attr_protected (which I do for now), we can either reimplement it ourselves or depend on a gem like this. I would much prefer the latter if possible.

@spohlenz I will discuss this with core team

Thanks @guilleiguaran.

The ideal solution from my point of view would be to revert the removal of ActiveModel::MassAssignmentSecurity (rails/rails@f8c9a4d) and deprecate attr_protected/attr_accessible in ActiveRecord only.

However I do understand that Rails core does not want to maintain/support this functionality anymore.

@spohlenz good point. I will think about an easier migration path, but I don't recommend maintaining this feature in our libraries.

A possibility would be to just extract what was previously available in AMo
to a specific "mass_assignment" library, that would be used by
"protected_attributes" and be available for others to use, as it was with
AMo. How does that sound?

On Thu, Nov 22, 2012 at 1:18 PM, Rafael Mendonça França <
notifications@github.com> wrote:

@spohlenz good point. I will think about an
easier migration path, but I don't recommend maintaining this feature in
our libraries.



At.
Carlos Antonio

@carlosantoniodasilva That would work. Ideally this library would also work with earlier versions of ActiveModel (so even if ActiveModel::MassAssignmentSecurity was already defined), and I could just include it as a straight dependency.

I've also noticed that the Observers extraction (rails/rails@ccecab3) has this same issue. These extractions seem to forget that Rails without ActiveRecord is a fairly common configuration.

@spohlenz observers should not have the same issue. You can add rails-observers in your gemfile and it should work without Active Record.

If it doesn't work, just ping me

Thanks @rafaelfranca, I think you're right. I misread the gemspec (add_development_dependency/add_dependency). Will let you know if I have any issues.

When creating rails-observers I thought about this issue. What I did was load Active Record specific features only if you load Active Record. This should make it possible to use it without active_record. MongoXX can add it as a dependency and load only the Active Model features.

I have to confirm, but I think we can do the same with this gem.
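
The loading approach described in the comment above, as an added sketch that is not code from protected_attributes or rails-observers: the ORM-agnostic allow-list works on a plain Ruby class, and the Active Record hook runs only when `ActiveRecord::Base` is already defined. The `Sketch` namespace, `hook_active_record!` and the `Account` class are hypothetical names, and the input hash is constructed.

```ruby
require "set"

# Added illustration; everything under Sketch:: is hypothetical, not the gem's API.
module Sketch
  # ORM-agnostic part: an allow-list of attributes that may be mass-assigned.
  module MassAssignmentSecurity
    def self.included(base)
      base.extend(ClassMethods)
    end

    module ClassMethods
      def attr_accessible(*names)
        accessible_attributes.merge(names.map(&:to_s))
      end

      def accessible_attributes
        @accessible_attributes ||= Set.new
      end
    end

    # Drop every key that was not explicitly allowed.
    def sanitize_for_mass_assignment(attrs)
      allowed = self.class.accessible_attributes
      attrs.select { |key, _| allowed.include?(key.to_s) }
    end
  end

  # ORM-specific part: wired in only if the host app already loaded Active Record.
  # Returns true when the hook ran, false when Active Record is absent.
  def self.hook_active_record!
    return false unless defined?(::ActiveRecord::Base)
    ::ActiveRecord::Base.include(MassAssignmentSecurity)
    true
  end
end

Sketch.hook_active_record! # no-op in a project without Active Record

# Plain Ruby model standing in for a document class of a non-Active Record ORM.
class Account
  include Sketch::MassAssignmentSecurity
  attr_accessor :name, :email, :admin
  attr_accessible :name, :email

  def assign_attributes(attrs)
    sanitize_for_mass_assignment(attrs).each { |k, v| public_send("#{k}=", v) }
    self
  end
end
```
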

I believe it's possible to do the same, even though I'd think it might be
better to have it separately, it should work quite fine this way.

On Wed, Nov 28, 2012 at 11:57 PM, Rafael Mendonça França <
notifications@github.com> wrote:

When creating rails-observers I thought about this issue. What I did was
load Active Record specific features only if you load Active Record. This
should make it possible to use it without active_record. MongoXX can add it as
a dependency and load only the Active Model features.

I have to confirm, but I think we can do the same with this gem.



At.
Carlos Antonio

@spohlenz @rafaelfranca I've given it a shot in 078b811...6886ec7, please check there and let me know if I forgot anything.

@spohlenz if you can give it a try with master, that'd be awesome.

Thanks 💖

@ashchan and if you can try it as well, would be great, thanks.

❤️ 💚 💙 💛 💜

@carlosantoniodasilva Works great! Thanks for your help.

@rafaelfranca rails-observers works correctly, thanks. One thing that would make things smoother is to require 'rails/observers/active_model/active_model' in rails-observers.rb as I had to add a conditional require to my code.

@spohlenz great. I'll improve it tomorrow.

Having said that, I still need to update my code to handle the case where rails-observers or protected_attributes aren't available, so I don't think it's a huge deal.

@spohlenz awesome, thanks for reporting back so quickly 💚

I think we can consider this 🔥, confirm?

My specs are green, I'm happy. 🔥

So we're happy 😄, thanks.