How To Bypass Rails Forbidden Attributes Or Mass Assignment Protection For One Time

Posted by Weston Ganger on February 09, 2016

Sometimes you need to set something that normally would be protected in by forbidden attributes or mass assignment possibly for seeding data or imports. These techniques will work with most ActiveRecord methods including new, create, assign_attributes, update_attributes.

Rails 5

Just call .to_unsafe_hash on your params before passing them in.


Rails 4

Just call .to_hash on your params before passing them in.


Rails 3

Just use the without_protection option.

User.create(params[:user], without_protection: true)
# or
User.create({name: 'Weston Ganger', company: 'Solid Foundation Web Development'}, without_protection: true)

Related External Links:

Posted in Rails and Tagged with rails active-record 

Want me to help develop your next project or application?

Contact Us

Specializing in Ruby-on-Rails, Javascript, Multi-Platform Electron Desktop Apps and Hybrid Cordova Mobile Apps.

Recommended Posts