Bug #14253
Status: closed
Saving dashboard widget positions fails under Rails 4.2
Description
Under Rails 4.2, the dashboard widget save button fails as it's attempting to do mass-assignment:
2016-03-17T16:29:06 [app] [I] Started POST "/widgets/save_positions" for 127.0.0.1 at 2016-03-17 16:29:06 +0000
2016-03-17T16:29:06 [app] [I] Processing by DashboardController#save_positions as JSON
2016-03-17T16:29:06 [app] [I] Parameters: {"widgets"=>{"131"=>{"hide"=>"false", "col"=>"1", "row"=>"1", "sizex"=>"8", "sizey"=>"1"}, "132"=>{"hide"=>"false", "col"=>"9", "row"=>"1", "sizex"=>"4", "sizey"=>"1"}, "133"=>{"hide"=>"false", "col"=>"1", "row"=>"2", "sizex"=>"6", "sizey"=>"1"}, "134"=>{"hide"=>"false", "col"=>"7", "row"=>"2", "sizex"=>"6", "sizey"=>"1"}}}
2016-03-17T16:29:06 [sql] [D] ActiveRecord::SessionStore::Session Load (0.1ms) SELECT "sessions".* FROM "sessions" WHERE "sessions"."session_id" = ? ORDER BY "sessions"."id" ASC LIMIT 1 [["session_id", "455ee386086b45496e75214fc3334d15"]]
2016-03-17T16:29:06 [sql] [D] User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 24]]
2016-03-17T16:29:06 [app] [D] Setting current user thread-local variable to admin
2016-03-17T16:29:06 [sql] [D] Setting Load (0.1ms) SELECT "settings".* FROM "settings" WHERE "settings"."name" = ? ORDER BY "settings"."name" ASC LIMIT 1 [["name", "authorize_login_delegation_api"]]
2016-03-17T16:29:06 [sql] [D] AuthSource Load (0.1ms) SELECT "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = ? LIMIT 1 [["id", 1]]
2016-03-17T16:29:06 [sql] [D] Widget Load (0.2ms) SELECT "widgets".* FROM "widgets" WHERE "widgets"."user_id" = ? AND (id = 131) ORDER BY "widgets"."id" ASC LIMIT 1 [["user_id", 24]]
2016-03-17T16:29:06 [sql] [D] (0.2ms) begin transaction
2016-03-17T16:29:06 [sql] [D] (0.1ms) rollback transaction
2016-03-17T16:29:06 [app] [W] Failed to save positions
| ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activemodel-4.2.6/lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_model/mass_assignment_security.rb:354:in `sanitize_for_mass_assignment'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_record/mass_assignment_security/attribute_assignment.rb:58:in `assign_attributes'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_record/mass_assignment_security/persistence.rb:64:in `block in update'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/transactions.rb:351:in `block in with_transaction_returning_status'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `block in transaction'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/transaction.rb:184:in `within_new_transaction'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `transaction'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/transactions.rb:220:in `transaction'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/activerecord-4.2.6/lib/active_record/transactions.rb:348:in `with_transaction_returning_status'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/protected_attributes-1.1.3/lib/active_record/mass_assignment_security/persistence.rb:63:in `update'
| /home/dcleal/code/foreman/foreman/app/controllers/dashboard_controller.rb:44:in `block in save_positions'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/actionpack-4.2.6/lib/action_controller/metal/strong_parameters.rb:185:in `each_pair'
| /home/dcleal/.rvm/gems/ruby-2.0.0-p353@foreman/gems/actionpack-4.2.6/lib/action_controller/metal/strong_parameters.rb:185:in `each_pair'
| /home/dcleal/code/foreman/foreman/app/controllers/dashboard_controller.rb:42:in `save_positions'
The Widget model doesn't have attr_accessible. This doesn't seem to affect develop with Rails 4.1, but 4.2 is stricter.
The dashboard controller is missing functional tests which would have caught this on the rails42 branch before now.
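The ForbiddenAttributesError above is raised because the raw request hash reaches `update` without an allow-list. The following is an added example, not Foreman's code or its eventual fix: a plain-Ruby sketch of filtering the logged `widgets` payload before assignment. The names `PERMITTED_WIDGET_KEYS`, `filter_widget_positions` and `coerce_widget_value` are hypothetical, and the permitted keys and value rules are assumptions drawn from the request in the log.

```ruby
# Added example: plain Ruby, no Rails needed. The permitted keys are an
# assumption taken from the request in the log above, not Foreman's code.
PERMITTED_WIDGET_KEYS = %w[hide col row sizex sizey].freeze

# Returns [clean, dropped]:
#   clean   - { widget_id => { attribute => coerced value } }, safe to assign
#   dropped - { widget_id => [unpermitted keys] }, worth logging
def filter_widget_positions(params)
  widgets = params['widgets']
  raise ArgumentError, '"widgets" must be a hash' unless widgets.is_a?(Hash)
  clean = {}
  dropped = {}
  widgets.each do |id, attrs|
    raise ArgumentError, "bad widget id #{id.inspect}" unless id.to_s =~ /\A\d+\z/
    raise ArgumentError, "widget #{id}: attributes must be a hash" unless attrs.is_a?(Hash)

    # Unpermitted keys are dropped and reported, never assigned.
    extra = attrs.keys.map(&:to_s) - PERMITTED_WIDGET_KEYS
    dropped[id.to_i] = extra unless extra.empty?
    clean[id.to_i] = PERMITTED_WIDGET_KEYS.each_with_object({}) do |key, out|
      next unless attrs.key?(key)
      out[key] = coerce_widget_value(id, key, attrs[key])
    end
  end
  [clean, dropped]
end

# Assumed value rules: "hide" is a boolean string, the rest are positive integers.
def coerce_widget_value(id, key, value)
  text = value.to_s
  if key == 'hide'
    raise ArgumentError, "widget #{id}: hide must be true or false" unless %w[true false].include?(text)
    text == 'true'
  else
    raise ArgumentError, "widget #{id}: #{key} must be a positive integer" unless text =~ /\A[1-9]\d*\z/
    text.to_i
  end
end

# Constructed sample: the first widget from the log plus an extra "user_id" key.
SAMPLE_PARAMS = {
  'widgets' => {
    '131' => { 'hide' => 'false', 'col' => '1', 'row' => '1', 'sizex' => '8', 'sizey' => '1',
               'user_id' => '1' }
  }
}.freeze

p filter_widget_positions(SAMPLE_PARAMS) if __FILE__ == $PROGRAM_NAME
```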