No warnings for specified attributes that were filtered for mass-assignment reasons in first_or_create and first_or_initialize

[prusswan]

MyModel.first_or_create(attributes_hash) returns an instance with all nil values. This also breaks idioms like Team.where(name: 'Justice League').first_or_create({additional_params_hash})

Tested on Rails 4.0.1 with protected_attributes 1.0.5

[rafaelfranca]

Could you provide an example application reproducing this issue?

[prusswan]

@rafaelfranca

I think I figured out what was happening: strong_parameters is activated by default (since this is a Rails 4 app), while protected_attributes was also used by something else for compatibility with attr_accessible etc. In such a situation, use of first_or_create and first_or_initialize on a model with attributes that should be specified for mass-assignment but were not, leads to unexpected results (silent failures for one) depending on how the model validations are set up.

In the case of: Team.where(name: 'Justice League').first_or_create({additional_params_hash}) If any of the attributes in additional_params_hash are disallowed for mass-assignment but are not required to be present in the model validations, the statement will execute without errors or warnings creating an instance of Team with name: 'Justice League' with the other specified attributes set to nil. I'm not sure if this is necessarily an issue with protected_attributes, but I would find this behavior unexpected.

PS: this might be related to #16

[prusswan]

Upon further investigation, I discovered rails/rails#9894 which suggests a soft-deprecation of first_or_create and first_or_initialize, which are producing erratic results even without protected_attributes in some cases. In light of this I will close this issue.