Project

General

Profile

Actions
Copy link

Bug #5158

closed

Remove attr_accessible from Katello

Added by David Davis about 10 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
API
Target version:
Katello 3.0.0
Difficulty:
easy
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

At some point it would be nice to remove the attr_accessible calls from Katello models as we could/should just use strong parameters for mass assignment security.

See the following post for more information on this:

http://blog.remarkablelabs.com/2012/12/strong-parameters-rails-4-countdown-to-2013

Related issues 2 (0 open2 closed)

Is duplicate of Katello - Feature #15741: Use parameter_filter instead of attr_accessibleClosedDavid Davis07/19/2016Actions
Blocks Katello - Tracker #9259: Rails 4 featureResolved02/06/2015

Actions
Actions
Copy link
 #1

Updated by Eric Helms almost 10 years ago

  • Triaged changed from No to Yes
Actions
Copy link
 #2

Updated by Eric Helms over 8 years ago

  • translation missing: en.field_release set to 86

As of this comment, I see the following instances still:

vagrant@katello-devel katello (master)$ grep -r attr_accessible app/
app/models/katello/concerns/smart_proxy_extensions.rb:        attr_accessible :lifecycle_environment_ids
app/models/katello/concerns/container_extensions.rb:        attr_accessible :capsule_id
app/models/katello/concerns/organization_extensions.rb:        attr_accessible :label
Actions
Copy link
 #3

Updated by Eric Helms over 8 years ago

Actions
Copy link
 #4

Updated by John Mitsch over 8 years ago

The models that extend foreman will continue to use attr_accessible while foreman uses protected attributes. When they change to strong parameters, we will be able to remove those attr_accessible calls

Actions
Copy link
 #5

Updated by Eric Helms over 8 years ago

From reviewing the Rails 4 PR, was attr_accessible only needed when those parameters were set via a create or update_attributes call? Could we change where those variables are assigned to the block/direct method to remove these?

Actions
Copy link
 #6

Updated by John Mitsch over 8 years ago

They are mostly through create or update_attributes afaik, but would have to look closer to be sure. Is there a benefit to setting them directly vs. using attr_accessible?

Actions
Copy link
 #7

Updated by David Davis about 8 years ago

  • Status changed from New to Closed

Decided to close for now. It's not an issue unless foreman drops protected attributes and hopefully they will notify us before doing so.

Actions
Copy link
 #8

Updated by David Davis almost 8 years ago

  • Status changed from Closed to Duplicate
Actions
Copy link
 #9

Updated by David Davis almost 8 years ago

  • Is duplicate of Feature #15741: Use parameter_filter instead of attr_accessible added
Actions
Copy link

Also available in: Atom PDF