author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-07-17 02:34:57 -0500 |
committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-09-16 23:58:19 -0500 |
commit | 8020f71df120f80fd7db9ab568c8d0d6d1ad4e28 (patch) | |
tree | 5e6fa3226871f385f0a154d566ddaf0b713f49a4 /activerecord/lib | |
parent | f8c9a4d3e88181cee644f91e1342bfe896ca64c6 (diff) | |
Remove mass assignment security from ActiveRecord
Diffstat (limited to 'activerecord/lib')
7 files changed, 12 insertions, 99 deletions
diff --git a/activerecord/lib/active_record/associations/collection_proxy.rb b/activerecord/lib/active_record/associations/collection_proxy.rb
index 66132b7260..a45ec33546 100644
--- a/activerecord/lib/active_record/associations/collection_proxy.rb
+++ b/activerecord/lib/active_record/associations/collection_proxy.rb
@@ -265,7 +265,6 @@ module ActiveRecord
 # end
 #
 # class Pet
- # attr_accessible :name
 # validates :name, presence: true
 # end
 #
diff --git a/activerecord/lib/active_record/attribute_assignment.rb b/activerecord/lib/active_record/attribute_assignment.rb
index d9989274c8..9e45a83fcf 100644
--- a/activerecord/lib/active_record/attribute_assignment.rb
+++ b/activerecord/lib/active_record/attribute_assignment.rb
@@ -1,86 +1,25 @@ module ActiveRecord - ActiveSupport.on_load(:active_record_config) do - mattr_accessor :whitelist_attributes, instance_accessor: false - mattr_accessor :mass_assignment_sanitizer, instance_accessor: false - end - module AttributeAssignment - extend ActiveSupport::Concern - include ActiveModel::MassAssignmentSecurity - - included do - initialize_mass_assignment_sanitizer - end - - module ClassMethods - def inherited(child) # :nodoc: - child.send :initialize_mass_assignment_sanitizer if self == Base - super - end - - private - - # The primary key and inheritance column can never be set by mass-assignment for security reasons. - def attributes_protected_by_default - default = [ primary_key, inheritance_column ] - default << 'id' unless primary_key.eql? 'id' - default - end - - def initialize_mass_assignment_sanitizer - attr_accessible(nil) if Model.whitelist_attributes - self.mass_assignment_sanitizer = Model.mass_assignment_sanitizer if Model.mass_assignment_sanitizer - end - end + include ActiveModel::ForbiddenAttributesProtection # Allows you to set all the attributes at once by passing in a hash with keys # matching the attribute names (which again matches the column names). # - # If any attributes are protected by either +attr_protected+ or - # +attr_accessible+ then only settable attributes will be assigned. - # - # class User < ActiveRecord::Base - # attr_protected :is_admin - # end - # - # user = User.new - # user.attributes = { :username => 'Phusion', :is_admin => true } - # user.username # => "Phusion" - # user.is_admin? # => false + # If the passed hash responds to permitted? method and the return value + # of this method is false an ActiveModel::ForbiddenAttributes exception + # is raised. 
def attributes=(new_attributes) return unless new_attributes.is_a?(Hash) assign_attributes(new_attributes) end - # Allows you to set all the attributes for a particular mass-assignment - # security role by passing in a hash of attributes with keys matching - # the attribute names (which again matches the column names) and the role - # name using the :as option. + # Allows you to set all the attributes by passing in a hash of attributes with + # keys matching the attribute names (which again matches the column names) # - # To bypass mass-assignment security you can use the :without_protection => true + # To bypass forbidden attributes protection you can use the without_protection: true # option. - # - # class User < ActiveRecord::Base - # attr_accessible :name - # attr_accessible :name, :is_admin, :as => :admin - # end - # - # user = User.new - # user.assign_attributes({ :name => 'Josh', :is_admin => true }) - # user.name # => "Josh" - # user.is_admin? # => false - # - # user = User.new - # user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin) - # user.name # => "Josh" - # user.is_admin? # => true - # - # user = User.new - # user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true) - # user.name # => "Josh" - # user.is_admin? # => true def assign_attributes(new_attributes, options = {}) return if new_attributes.blank? @@ -91,7 +30,7 @@ module ActiveRecord @mass_assignment_options = options unless options[:without_protection] - attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role) + attributes = sanitize_for_mass_assignment(attributes) end attributes.each do |k, v| @@ -116,10 +55,6 @@ module ActiveRecord @mass_assignment_options ||= {} end - def mass_assignment_role - mass_assignment_options[:as] || :default - end - private def _assign_attribute(k, v) 
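Review bot: Removing `attributes_protected_by_default` drops the unconditional mass-assignment block on the primary key and inheritance column, and nothing in the added `include ActiveModel::ForbiddenAttributesProtection` re-establishes it, so `assign_attributes` will now write `id`/`type` whenever the caller's hash allows them. The rewritten comment above `assign_attributes` describes the `permitted?` check but not this loss of the default protection; I would add `# The primary key and inheritance column are no longer protected by default; filter them at the caller (e.g. via permitted params).` so callers do not assume the old blacklist survives. Whether a plain Hash (one that does not respond to `permitted?`) passes through unchecked depends on ActiveModel's `sanitize_for_mass_assignment`, which is not in this diff, and is worth confirming before relying on it. The `AttributeAssignment` module continues past the end of this hunk.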
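Review bot: With roles gone, `unless options[:without_protection]` in the `@@ -91,7 +30,7 @@` hunk is now the only gate around `sanitize_for_mass_assignment(attributes)`, so `without_protection: true` no longer selects a role but skips the forbidden-attributes check for the whole hash. The `assign_attributes` comment mentions the option but not that it disables the check entirely; a call-site comment would make that explicit: `# without_protection: true skips the permitted? check entirely; only pass already-filtered input.` The same applies to `update_attributes` in persistence.rb, which forwards its options here. The `assign_attributes` body starts and ends outside this hunk.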
diff --git a/activerecord/lib/active_record/attribute_methods/primary_key.rb b/activerecord/lib/active_record/attribute_methods/primary_key.rb index 7b7811a706..383448c94a 100644 --- a/activerecord/lib/active_record/attribute_methods/primary_key.rb +++ b/activerecord/lib/active_record/attribute_methods/primary_key.rb @@ -53,8 +53,7 @@ module ActiveRecord end # Defines the primary key field -- can be overridden in subclasses. Overwriting will negate any effect of the - # primary_key_prefix_type setting, though. Since primary keys are usually protected from mass assignment, - # remember to let your database generate them or include the key in +attr_accessible+. + # primary_key_prefix_type setting, though. def primary_key @primary_key = reset_primary_key unless defined? @primary_key @primary_key diff --git a/activerecord/lib/active_record/nested_attributes.rb b/activerecord/lib/active_record/nested_attributes.rb index 3005dc042c..6d535e4ffa 100644 --- a/activerecord/lib/active_record/nested_attributes.rb +++ b/activerecord/lib/active_record/nested_attributes.rb @@ -194,18 +194,6 @@ module ActiveRecord # the parent model is saved. This happens inside the transaction initiated # by the parents save method. See ActiveRecord::AutosaveAssociation. # - # === Using with attr_accessible - # - # The use of <tt>attr_accessible</tt> can interfere with nested attributes - # if you're not careful. For example, if the <tt>Member</tt> model above - # was using <tt>attr_accessible</tt> like this: - # - # attr_accessible :name - # - # You would need to modify it to look like this: - # - # attr_accessible :name, :posts_attributes - # # === Validating the presence of a parent model # # If you want to validate that a child record is associated with a parent 
@@ -224,9 +212,7 @@ module ActiveRecord module ClassMethods REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } } - # Defines an attributes writer for the specified association(s). If you - # are using <tt>attr_protected</tt> or <tt>attr_accessible</tt>, then you - # will need to add the attribute writer to the allowed list. + # Defines an attributes writer for the specified association(s). # # Supported options: # [:allow_destroy] diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index 7bd65c180d..b58b8881ac 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -186,8 +186,8 @@ module ActiveRecord # # When updating model attributes, mass-assignment security protection is respected. # If no +:as+ option is supplied then the +:default+ role will be used. - # If you want to bypass the protection given by +attr_protected+ and - # +attr_accessible+ then you can do so using the +:without_protection+ option. + # If you want to bypass the forbidden attributes protection then you can do so using + # the +:without_protection+ option. def update_attributes(attributes, options = {}) # The following transaction covers any possible database side-effects of the # attributes assignment. For example, setting the IDs of a child collection. diff --git a/activerecord/lib/active_record/schema_migration.rb b/activerecord/lib/active_record/schema_migration.rb index ca22154c84..9830abe7d8 100644 --- a/activerecord/lib/active_record/schema_migration.rb +++ b/activerecord/lib/active_record/schema_migration.rb @@ -4,7 +4,6 @@ require 'active_record/base' module ActiveRecord class SchemaMigration < ActiveRecord::Base - attr_accessible :version def self.table_name "#{Base.table_name_prefix}schema_migrations#{Base.table_name_suffix}" 
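Review bot: In the persistence.rb hunk the retained context line `# If no +:as+ option is supplied then the +:default+ role will be used.` is now stale, since this same commit removes `mass_assignment_role` and the `:as` option from `AttributeAssignment`, so `update_attributes` has no roles left to select. The preceding line still says "mass-assignment security protection is respected", which the new wording below it contradicts. I would rewrite those two lines to `# When updating model attributes, forbidden attributes protection is respected.` and drop the role sentence. The `update_attributes` body continues outside the hunk.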
diff --git a/activerecord/lib/rails/generators/active_record/model/templates/model.rb b/activerecord/lib/rails/generators/active_record/model/templates/model.rb index 2cca17b94f..056f55470c 100644 --- a/activerecord/lib/rails/generators/active_record/model/templates/model.rb +++ b/activerecord/lib/rails/generators/active_record/model/templates/model.rb @@ -3,10 +3,5 @@ class <%= class_name %> < <%= parent_class_name.classify %> <% attributes.select {|attr| attr.reference? }.each do |attribute| -%> belongs_to :<%= attribute.name %><%= ', polymorphic: true' if attribute.polymorphic? %> <% end -%> -<% if !accessible_attributes.empty? -%> - attr_accessible <%= accessible_attributes.map {|a| ":#{a.name}" }.sort.join(', ') %> -<% else -%> - # attr_accessible :title, :body -<% end -%> end <% end -%> |