Could requirement for _attributes suffix for association names in mass assignment security and model data go away in Rails 4?

When using mass assignment security (attr_accessible, attr_protected) and accepts_nested_attributes_for, and when passing in the associated models in a request, an _attributes suffix must be added to the key/name of the attribute, even though accepts_nested_attributes_for does not require the _attributes suffix on the association’s name.

In the spirit of DRY, it seems like if an association has been declared, the model should know that some_association_name is an association without having to add the _attributes suffix in attr_accessible and in JSON requests. Could Rails 4 do away with the need for the _attributes suffix in mass assignment security when referring to some_association_name that has accepts_nested_attributes_for? It seems awfully repetitive to have to specify that over and over for little reason. If anything, it seems like some new class methods specific to associations for mass assignment security would make more sense if it is having to look for an _attributes suffix.


Even better: mass assignment security is going away:

As an addition, accepts_nested_attributes is a feature meant for associations, whereas mass assignment helpers - attr_accessible and friends - are not. I don’t think it’s that worth to change it in a way to check for associations when they’re called for each attribute, that’d be a lot of effort for a not majority of use cases (ie it’d slow down the attribute definitions to search for associations). Just my two cents :).


Cool! I just went back and read a post that a co-worker sent me a link to:

That post mentioned “I hope that dhh’s
strong paramters is merged into Rails 4”, and I didn’t know that was planned to be the case now. I didn’t see it in the Gemfile for Rails either. Know what the roadmap for including that is?


The work is being done here:

I'm not sure what the timetable is.