28 Jun 2012, 12:22
Me_pragsmall

Andrew Gellene (33 posts)

Is there a general rule to work with this book that goes something like this: When you are trying to assign an attribute the attribute MUST be assigned like this:
attr_accessible :name, :password, :password_confirmation

as an example for the creating a user in chapter 14? It would be nice to have some “official” statement by the authors that this is what is needed to get through the book without having to second guess what you are doing all the time. I am sure for some this is a “no brainer” but for me I am thinking - what am I doing setting these things to be assigned? Am I create a security issue here? If so how do I fix it? How do I assign it and then make it secure?

It would be nice.

04 Aug 2012, 20:17
Generic-user-small

Jason Hagglund (4 posts)

I second this motion. I’m consistently getting mass assignment errors when using the model code provided by the book, and am only getting around these errors when throwing in attr_accessible lines in my models.

05 Aug 2012, 14:44
Samr_small_pragsmall

Sam Ruby (584 posts)

People are encouraged to use the exact version of Rails that the book was designed for before venturing out. The latest eBook was tested against 3.2.0.

A change was made in 3.2.3 to turn mass assignment checking on:

http://weblog.rubyonrails.org/2012/3/30/ann-rails-3-2-3-has-been-released/

One option is to simply turn that option off.

An updated version of the book for 3.2.6 was made, and is working its way through the publishing process. Hopefully it will be made available shortly.

One thing that makes this more complicated is that the mass assignment checking will be removed in 4.0 in favor of another solution:

http://weblog.rubyonrails.org/2012/3/21/strong-parameters/

Meanwhile, I’m continuing to track the latest version each release, and you can see release specific solutions that work here:

http://intertwingly.net/projects/dashboard.html

16 Aug 2012, 01:22
Generic-user-small

John Benson (1 post)

I followed the book exactly, and specified version 3.2.0 as my version before starting the project. I’m getting mass assignment errors both with my code and the code downloaded from this site.

Just wanted to reiterate that the original poster is not the only person having this issue.

16 Aug 2012, 22:00
Generic-user-small

Xavier John (19 posts)

On Rails 3.2.7,

There are two issues

  1. When the attr_accessible does not include :product then

@line_item = @cart.line_items.build(product: product) [pg 110 in the book] in line_items_controller.rb fill fail as mass assignment canto be done.

To fix this in models/line_item.rb by adding :product as an accessible attribute.

  1. models/line_item.rb indicates that the LineItem belongs to :product.

belongs_to :product.

However, in show.html.erb is unable to traverse this relationship. <li> <%= item.product.title %> </li>

will fail as product is nil.

So the root questions are:

  1. How to you set the relationships via .build? should all the properties

  2. How do you traverse them?

Thanks

17 Aug 2012, 18:30
Samr_small_pragsmall

Sam Ruby (584 posts)

Sorry for the delay.

A P3.0 version is now available to everybody who purchased eBooks. This has been updated to match 3.2.6, but has been verified to work unchanged on 3.2.7 and 3.2.8. The downloads have also been updated.

  You must be logged in to comment