Yes! I have config.active_record.mass_assignment_sanitizer = :strict set in my development.rb and test.rb
I then tested the engine with config.active_record.mass_assignment_sanitizer = :strict It catches six mass assignment errors. On Tuesday, March 11, 2014 5:48:49 AM UTC-7, Bruno wrote: > > Hmm... I believe we'll need to update application.rb ( > https://github.com/bborn/communityengine/blob/master/test/testapp/config/application.rb) > > and set config.active_record.mass_assignment_sanitizer > > I think what's happening is that in your Rails app, mass assignment is > being protected, but not in the engine (when running stand-alone), so tests > are passing. Make sense? > > > On Mon, Mar 10, 2014 at 11:58 PM, jsh <[email protected] > <javascript:>>wrote: > >> ok.. I was able to set up the test/dev env.. ran 'bundle exec rake test', >> all tests passed >> >> then I ran the test app and tried sending/replying private messages >> (using the credentials in fixtures/user.yml) in browser.. >> However, i was unable to reproduce the bug..it seemed working fine. >> >> any idea? >> >> >> On Monday, March 10, 2014 6:29:50 AM UTC-7, Bruno wrote: >> >>> You'll just need to clone the repository and run tests. The CE repo >>> contains a dummy app within the tests directory. You can run that app (cd >>> into the test/testapp directory and `rails s`). You can also run the tests: >>> >>> bundle exec rake db:drop db:create db:migrate >>> bundle exec rake test >>> >>> >>> >>> >>> >>> >>> >>> >>> On Fri, Mar 7, 2014 at 3:52 PM, jsh <[email protected]> wrote: >>> >>>> I just filed a github issue. i would be happy to fix message.rb and >>>> submit a pull request. >>>> if you could hint me how to set up the dev env for CE project..(vs use >>>> CE as an Engine).. >>>> >>>> Thx~ >>>> >>>> On Thursday, March 6, 2014 8:32:19 AM UTC-7, Bruno wrote: >>>> >>>>> Yeah, that looks like a bug. Can you file an issue on Github and/or >>>>> submit a pull request with the fix? We need to make sure to update the >>>>> message.rb and message_controller tests to catch this. >>>>> >>>>> >>>>> On Wed, Mar 5, 2014 at 3:53 PM, jsh <[email protected]> wrote: >>>>> >>>>>> Hi Bruno, >>>>>> >>>>>> I am using Ruby2.0.0, Rails 3.2.17, CE master branch >>>>>> >>>>>> Thanks! >>>>>> josh >>>>>> >>>>>> >>>>>> On Wednesday, March 5, 2014 12:59:32 PM UTC-7, Bruno wrote: >>>>>> >>>>>>> Hi Josh, >>>>>>> What version of Rails and CE are you using? >>>>>>> >>>>>>> Thanks, >>>>>>> Bruno >>>>>>> >>>>>>> >>>>>>> On Wed, Mar 5, 2014 at 1:42 PM, jsh <[email protected]> wrote: >>>>>>> >>>>>>>> Hi, I am new to rails and CE. >>>>>>>> >>>>>>>> When replying to a private msg in CE, I got the following error: >>>>>>>> >>>>>>>> ActiveModel::MassAssignmentSecurity::Error in >>>>>>>> MessagesController#create >>>>>>>> >>>>>>>> Can't mass-assign protected attributes: parent_id >>>>>>>> >>>>>>>> >>>>>>>> I figured it can be fixed by overriding the message.rb in my app by >>>>>>>> doing this >>>>>>>> ---- >>>>>>>> class Message < ActiveRecord::Base >>>>>>>> require_from_ce('models/message') >>>>>>>> *attr_accessible :parent_id* >>>>>>>> end >>>>>>>> ------ >>>>>>>> >>>>>>>> Is this a bug? or did I miss something? >>>>>>>> >>>>>>>> Thanks! >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "CommunityEngine" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To post to this group, send email to [email protected]. >>>>>>>> >>>>>>>> Visit this group at http://groups.google.com/group/communityengine. >>>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CommunityEngine" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> Visit this group at http://groups.google.com/group/communityengine. >>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>> >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "CommunityEngine" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> Visit this group at http://groups.google.com/group/communityengine. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "CommunityEngine" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> Visit this group at http://groups.google.com/group/communityengine. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "CommunityEngine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/communityengine. For more options, visit https://groups.google.com/d/optout.
