It appears that update_attributes doesn’t allow me to change the id (so it IS

Question

0

Asked: June 7, 20262026-06-07T21:16:13+00:00 2026-06-07T21:16:13+00:00

It appears that update_attributes doesn’t allow me to change the id (so it IS

0

It appears that update_attributes doesn’t allow me to change the id (so it IS protected), but why isn’t rails throwing the same error it does for other protected attributes?

> rails new mass_assignment_test
> cd mass_assignment_test
> rails g model User name:string
> rake db:migrate
> rails console
>> u = User.create(:name => "ben")
>> u.update_attributes(:id => 5)
=> true
>> u.id
=> 1
>> u.update_attributes(:created_at => Time.now)
ActiveModel::MassAssignmentSecurity:Error

This is the model that rails generates (app/models/user.rb):

class User < ActiveRecord::Base
  attr_accessible :name
end

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-07T21:16:14+00:00

The id of a record is protected by Rails itself:

# activerecord-3.1.3/lib/active_record/base.rb:1961
def self.attributes_protected_by_default
  default = [ primary_key, inheritance_column ]
  default << 'id' unless primary_key.eql? 'id'
  default
end

You can bypass this with:

u.update_attributes!({:id => 5}, :without_protection => true)

Also, please please do not do this. 🙂 It will make your code hard to maintain…

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

It appears that update_attributes doesn’t allow me to change the id (so it IS

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply