regression: attr_accessible is added to all models

Question

regression: attr_accessible is added to all models

josh-m-sharpe opened this issue 10 years ago · comments

Isn't this a regression?

https://github.com/rails/protected_attributes/blob/master/lib/protected_attributes/railtie.rb#L10-L15

In rails 3 attr_accessible was not added to all models, but with this gem, in rails 4, it is... Sure, this might be a "Best practice" but I thought this gem was supposed to be a kludge to keep the same behavior that was supported in rails 3 around in rails 4 - which helps support the upgrade path.

Now, with this gem, that behavior has changed. So updating a legacy rails 3 app to rails 4 forces breaking changes.

Should this new behavior be configurable?

Josh Sharpe · Answer 1 · Tue Jan 20 2015 23:34:54 GMT+0800 (China Standard Time)

For anyone interested, I 'fixed' this issue by adding this in an initializer:

class ProtectedAttributes::Railtie
def initializers_for
[]
end
end

Rafael Mendonça França · Answer 2 · Tue Jan 20 2015 23:37:45 GMT+0800 (China Standard Time)

Can't you just set config.active_record.whitelist_attributes to false in your application?

Josh Sharpe · Answer 3 · Tue Jan 20 2015 23:39:04 GMT+0800 (China Standard Time)

@rafaelfranca yes :/

Rafael Mendonça França · Answer 4 · Tue Jan 20 2015 23:42:11 GMT+0800 (China Standard Time)

The default is true since some patch version of 3.2, this gem is just using the same default.