Close #797

[rodzyn]

Hashie::Mash for declared params

[dblock]

This needs a CHANGELOG entry please, and possible documentation in README.

[rodzyn]

Added.

[dblock]

Merged, thanks.

[jwkoelewijn]

Mash does not seem to play well with Rails::StrongParameters, because of the reimplementation of #respond_to?:

• Mash#respond_to? will always return true for methods ending in '!' or '?'
• Mash#identifier? will return true or false, based on the identifier being present in the Mash
• Mash#identifier! will make sure the identifier key is present in the Mash

Rails::StrongParameters utilizes the #sanitize_for_mass_assignment method, which raises an
ActiveModel::ForbiddenAttributesError whenever the provided attributes respond to :permitted?
(which it does for all Mash'es, because it ends with a '?') AND when !attributes.permitted?
(which always returns true when the 'permitted' key is not present in the Mash):

module ActiveModel
  class ForbiddenAttributesError < StandardError
  end

  module ForbiddenAttributesProtection
    protected
    def sanitize_for_mass_assignment(attributes)
      if attributes.respond_to?(:permitted?) && !attributes.permitted?
        raise ActiveModel::ForbiddenAttributesError
      else
        attributes
      end
    end
  end
end

This results in always raising a ActiveModel::ForbiddenAttributeError

I do not see how to write a simple test-case for this and for now I reimplemented the #declared(params) helper in my own helpers utilizing a regular Hash.

[kuraga]

@jwkoelewijn @dblock Are Hashie::* useful for us, at all?

[jwkoelewijn]

I would propose to use the standard Hash and add a line or two to the readme to show how one could overwrite the #declared(params) method, for instance by wrapping it in a Hashie::Mash.

I would argue that the need for a Mash is not standard, rather an exception.

Apart from that, I never felt the need to access parameters as methods....

[dblock]

Please see /~https://github.com/Maxim-Filimonov/hashie-forbidden_attributes, what am I missing?

[jwkoelewijn]

Ok, so there is a gem to fix a bug introduced by a change to introduce mashes. What's still not entirely clear though is the added value of using this Mash thing in the first place...

[dblock]

To be fair Mash was used all over the place before Rails4 strong attributes :) But I agree, Mash is "everything to everyone", and possibly there's a better fix that provides Mash semantics by mixing parts of Hashie (indifferent access? method access?) without needing another gem, I would welcome a PR like that.