Complain loudly when protected attributes are set through mass assignment.

By default, in rails 3, attempting to assign values to attributes that are protected from mass assignment, rails will issue a warning to the logger and then proceed to ignore those values. That might be a sane default for many developers but I believe that attempting to assign to protected attributes is an error, not a warning and should be treated as such. During development rails should raise an exception so that it's obvious you're doing something you shouldn't. In production it is a security violation and should be available in an audit log.

Installation

gem "whiny-mass-assignment"

or as a plugin

rails plugin install git://github.com/appsinyourpants/whiny-mass-assignment.git

Usage

To enable whiny mass assignment errors simply add the gem to your project. Once enabled, attempts to use mass assignment on protected attributes will result in an exception.

If you want to suppress the exceptions and only use the highlighted logging, add an initializer to the project and set set mode to :log

# config/initializers/whiny-mass-assignment.rb

WhinyMassAssignment::Config.mode = :log