#37 Mass Assignment & attr_accessible - attachment_fu

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#37 new

Mass Assignment & attr_accessible

Reported by Matthias Hennemeyer | November 6th, 2008 @ 03:46 AM

The call to attr_accessible :uploaded_data in lib/technoweenie/attachment_fu.rb:171 renders other attributes inaccessible for mass assignment:


class Model < ActiveRecord::Base
  belongs_to :other_model
  has_attachment #...
end

m = Model.create!(:uploaded_data => file, :other_model => existing_object)
# No Error is raised, but:
m.other_model # => nil

Maybe this is intended?

A workaround is to make :other_model explicitly accessible in Model: (each subsequent calls to attr_accessible(arg) will add arg to the attr_accessible array)


class Model < ActiveRecord::Base
  belongs_to :other_model
  attr_accessible :other_model
  has_attachment #...
end

Comments and changes to this ticket

You flagged this item as spam.
Josh Goebel November 7th, 2008 @ 11:04 AM
http://github.com/yyyc514/attach...

I've fixed this in my tree and added a test.
You flagged this item as spam.
Josh Goebel November 7th, 2008 @ 11:05 AM
If this is at all intentional it needs to be an attr_protected and protect whatever internals attachment_fu is afraid of the user mucking with... not just blanket the entire model.
You flagged this item as spam.
David Reese January 13th, 2009 @ 11:29 PM
Funny, I can't find the attr_accessible line Josh removed anywhere in my checked out version or on github. (at http://github.com/yyyc514/attach..., removed base.attr_accessible :uploaded_data)

BUT i was having similar problems with mass-assignment; I ended up re-cloning the plugin so I can't check to see what the deal was.

Even if that problem was corrected (somewhere?), there are still a few issues -- it would be nice to have these two points in the readme -- took me a while to figure this out, it's not immediately apparent.

1) You need at least :uploaded_data in your attr_accessible line, if you've got one.

2) If you've got thumbnails, you need to add a couple extra lines to attr_accessible -- it needs to be at least these:

:uploaded_data, :filename, :content_type, :temp_path, :thumbnail_resize_options

because of a mass assignment in attachment_fu.rb line 247: thumb.attributes = {:content_type => [...] }

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Ar-code attachment_fu

Mass Assignment & attr_accessible

Comments and changes to this ticket

Josh Goebel November 7th, 2008 @ 11:04 AM

Josh Goebel November 7th, 2008 @ 11:05 AM

David Reese January 13th, 2009 @ 11:29 PM

Create your profile

People watching this ticket

Tags

Pages

Ar-code attachment_fu

Keyword searching

Mass Assignment & attr_accessible

Comments and changes to this ticket

Josh Goebel November 7th, 2008 @ 11:04 AM

Josh Goebel November 7th, 2008 @ 11:05 AM

David Reese January 13th, 2009 @ 11:29 PM

Create your profile

People watching this ticket

Tags

Pages