From 42cfacfe81b20b454f0d915beb934e62618c38a6 Mon Sep 17 00:00:00 2001
From: Andrew White
Date: Fri, 9 Nov 2012 15:21:05 +0000
Subject: Gracefully handle upgrading apps with mass assigment configs Most apps upgrading from 3.x will have options for mass assigment in their application.rb and environments/*.rb config files. Rather than just raising a NoMethodError when copying the config, this commit adds a warning message until either the protected_attributes gem is installed or the relevant config options are removed.
---
 activerecord/lib/active_record/railtie.rb | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+) (limited to 'activerecord/lib/active_record')
diff --git a/activerecord/lib/active_record/railtie.rb b/activerecord/lib/active_record/railtie.rb
index 77e41ea927..4ba35fe513 100644
--- a/activerecord/lib/active_record/railtie.rb
+++ b/activerecord/lib/active_record/railtie.rb
@@ -92,6 +92,33 @@ module ActiveRecord
 initializer "active_record.set_configs" do |app|
 ActiveSupport.on_load(:active_record) do
+ begin
+ old_behavior, ActiveSupport::Deprecation.behavior = ActiveSupport::Deprecation.behavior, :stderr
+ whitelist_attributes = app.config.active_record.delete(:whitelist_attributes)
+
+ if respond_to?(:mass_assignment_sanitizer=)
+ mass_assignment_sanitizer = nil
+ else
+ mass_assignment_sanitizer = app.config.active_record.delete(:mass_assignment_sanitizer)
+ end
+
+ unless whitelist_attributes.nil? && mass_assignment_sanitizer.nil?
+ ActiveSupport::Deprecation.warn <<-EOF.strip_heredoc, []
+ Model based mass assignment security has been extracted
+ out of Rails into a gem. Please use the new recommended protection model for
+ params or add `protected_attributes` to your Gemfile to use the old one.
+
+ To disable this message remove the `whitelist_attributes` option from your
+ `config/application.rb` file and any `mass_assignment_sanitizer` options
+ from your `config/environments/*.rb` files.
+
+ See http://edgeguides.rubyonrails.org/security.html#mass-assignment for more information
+ EOF
+ end
+ ensure
+ ActiveSupport::Deprecation.behavior = old_behavior
+ end
+
 app.config.active_record.each do |k,v|
 send "#{k}=", v
 end
-- 
cgit v1.2.3
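Review bot: The `whitelist_attributes` and `mass_assignment_sanitizer` options are security settings, and this block deletes them and lets the app boot with only a deprecation message on stderr. An upgraded app that relied on them, and has not yet moved to the new params protection or installed `protected_attributes`, therefore appears to run without that model-level protection. The warning text should say so explicitly, for example by adding `These options are currently ignored, so model-level mass assignment protection is not active.` to the heredoc. `whitelist_attributes` is also deleted without the `respond_to?` guard used for `mass_assignment_sanitizer`; if the gem is expected to consume that key in an earlier initializer, a one-line comment saying so would help, otherwise the warning would fire even with the gem installed. The enclosing `initializer` block starts and ends outside this hunk.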