Bug #14253

closed

Saving dashboard widget positions fails under Rails 4.2

Added by Dominic Cleal about 8 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Dashboard
Target version:
Fixed in Releases:
Found in Releases:

Description

Under Rails 4.2, the dashboard widget save button fails as it's attempting to do mass-assignment:

2016-03-17T16:29:06 [app] [I] Started POST "/widgets/save_positions" for 127.0.0.1 at 2016-03-17 16:29:06 +0000
2016-03-17T16:29:06 [app] [I] Processing by DashboardController#save_positions as JSON
2016-03-17T16:29:06 [app] [I]   Parameters: {"widgets"=>{"131"=>{"hide"=>"false", "col"=>"1", "row"=>"1", "sizex"=>"8", "sizey"=>"1"}, "132"=>{"hide"=>"false", "col"=>"9", "row"=>"1", "sizex"=>"4", "sizey"=>"1"}, "133"=>{"hide"=>"false", "col"=>"1", "row"=>"2", "sizex"=>"6", "sizey"=>"1"}, "134"=>{"hide"=>"false", "col"=>"7", "row"=>"2", "sizex"=>"6", "sizey"=>"1"}}}
2016-03-17T16:29:06 [sql] [D]   ActiveRecord::SessionStore::Session Load (0.1ms)  SELECT  "sessions".* FROM "sessions" WHERE "sessions"."session_id" = ?  ORDER BY "sessions"."id" ASC LIMIT 1  [["session_id", "455ee386086b45496e75214fc3334d15"]]
2016-03-17T16:29:06 [sql] [D]   User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 24]]
2016-03-17T16:29:06 [app] [D] Setting current user thread-local variable to admin
2016-03-17T16:29:06 [sql] [D]   Setting Load (0.1ms)  SELECT  "settings".* FROM "settings" WHERE "settings"."name" = ?  ORDER BY "settings"."name" ASC LIMIT 1  [["name", "authorize_login_delegation_api"]]
2016-03-17T16:29:06 [sql] [D]   AuthSource Load (0.1ms)  SELECT  "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = ? LIMIT 1  [["id", 1]]
2016-03-17T16:29:06 [sql] [D]   Widget Load (0.2ms)  SELECT  "widgets".* FROM "widgets" WHERE "widgets"."user_id" = ? AND (id = 131)  ORDER BY "widgets"."id" ASC LIMIT 1  [["user_id", 24]]
2016-03-17T16:29:06 [sql] [D]    (0.2ms)  begin transaction
2016-03-17T16:29:06 [sql] [D]    (0.1ms)  rollback transaction
2016-03-17T16:29:06 [app] [W] Failed to save positions
 | ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activemodel-4.2.6/lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_model/mass_assignment_security.rb:354:in `sanitize_for_mass_assignment'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_record/mass_assignment_security/attribute_assignment.rb:58:in `assign_attributes'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_record/mass_assignment_security/persistence.rb:64:in `block in update'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/transactions.rb:351:in `block in with_transaction_returning_status'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `block in transaction'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/transaction.rb:184:in `within_new_transaction'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `transaction'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/transactions.rb:220:in `transaction'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/transactions.rb:348:in `with_transaction_returning_status'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_record/mass_assignment_security/persistence.rb:63:in `update'
 | /home/dcleal/code/foreman/foreman/app/controllers/dashboard_controller.rb:44:in `block in save_positions'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/actionpack-4.2.6/lib/action_controller/metal/strong_parameters.rb:185:in `each_pair'
 | /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/actionpack-4.2.6/lib/action_controller/metal/strong_parameters.rb:185:in `each_pair'
 | /home/dcleal/code/foreman/foreman/app/controllers/dashboard_controller.rb:42:in `save_positions'

The Widget model doesn't have attr_accessible. This doesn't seem to affect develop with Rails 4.1, but 4.2 is stricter.

The dashboard controller is missing functional tests which would have caught this on the rails42 branch before now.
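
The error above comes from passing the raw `widgets` request hash straight to a model update. As an added example (not Foreman's code or its fix, and a plain-Ruby stand-in rather than the Rails strong-parameters API), this sketch allowlists the five position fields seen in the logged request and drops or rejects anything else; `permit_widget_positions`, `UnpermittedField` and the injected `user_id` key are hypothetical.

```ruby
# Added example (plain Ruby, not Rails' ActionController::Parameters API and
# not Foreman's fix). POSITION_FIELDS is taken from the keys in the logged
# request; all other names here are hypothetical.
POSITION_FIELDS = %w[hide col row sizex sizey].freeze

class UnpermittedField < StandardError; end

# Returns { widget_id => { field => typed value } } with only allowlisted
# fields. With strict: true, any extra key raises instead of being dropped.
def permit_widget_positions(params, strict: false)
  widgets = params["widgets"]
  raise ArgumentError, "widgets must be a hash" unless widgets.is_a?(Hash)

  widgets.each_with_object({}) do |(id, attrs), out|
    # Skip non-numeric ids and non-hash bodies rather than passing them on.
    next unless id.to_s.match?(/\A\d+\z/) && attrs.is_a?(Hash)

    extra = attrs.keys.map(&:to_s) - POSITION_FIELDS
    raise UnpermittedField, "widget #{id}: #{extra.join(', ')}" if strict && extra.any?

    clean = {}
    attrs.each do |key, value|
      key = key.to_s
      next unless POSITION_FIELDS.include?(key)
      if key == "hide"
        clean[key] = (value.to_s == "true")
      elsif value.to_s.match?(/\A\d+\z/)
        clean[key] = value.to_i # grid values must be non-negative integers
      end
    end
    out[id.to_i] = clean
  end
end

# Constructed sample: two widgets from the logged request, with a "user_id"
# key injected into the first to show what the allowlist drops.
SAMPLE = {
  "widgets" => {
    "131" => { "hide" => "false", "col" => "1", "row" => "1",
               "sizex" => "8", "sizey" => "1", "user_id" => "1" },
    "132" => { "hide" => "false", "col" => "9", "row" => "1",
               "sizex" => "4", "sizey" => "1" }
  }
}.freeze

p permit_widget_positions(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

In the logged request the widget lookup is already scoped to the current user (`"widgets"."user_id" = ?`); the allowlist covers the other half, namely which columns a request may write.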


Related issues 3 (0 open, 3 closed)

Related to Foreman - Bug #7568: Use attr_accessible for rails 4 upgrade (Closed, Daniel Lobato Garcia, 09/22/2014)
Related to Foreman - Feature #13244: Upgrade Ruby on Rails to 4.2 (Closed, Dominic Cleal, 01/15/2016)
Related to OpenSCAP - Bug #15001: Widgets on policy dashboard break the page (Closed, 05/11/2016)

#1

Updated by Dominic Cleal about 8 years ago

  • Related to Bug #7568: Use attr_accessible for rails 4 upgrade added
#2

Updated by Dominic Cleal about 8 years ago

#3

Updated by The Foreman Bot about 8 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3344 added
#4

Updated by Dominic Cleal about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
#5

Updated by Dominic Cleal about 8 years ago

  • translation missing: en.field_release set to 141
#6

Updated by Ondřej Pražák almost 8 years ago

  • Related to Bug #15001: Widgets on policy dashboard break the page added
#7

Updated by The Foreman Bot almost 8 years ago

  • Pull request https://github.com/theforeman/foreman_openscap/pull/168 added