Merge branch 'master' into 2798-go-keep-client

[arvados.git] / apps / workbench / app / models / arvados_base.rb

diff --git a/apps/workbench/app/models/arvados_base.rb b/apps/workbench/app/models/arvados_base.rb
index aea6b778371c0f7059877f1b50e3078531d08ce5..1ad0230512318bf114e6e30de95d9dc1eb21371f 100644 (file)
--- a/apps/workbench/app/models/arvados_base.rb
+++ b/apps/workbench/app/models/arvados_base.rb
@@ -30,14 +30,7 @@ class ArvadosBase < ActiveRecord::Base
   end
 
   def initialize raw_params={}
-    begin
-      super self.class.permit_attribute_params(raw_params)
-    rescue Exception => e
-      logger.debug raw_params
-      logger.debug self.class.permit_attribute_params(raw_params).inspect
-      logger.debug self.class.attribute_info.inspect
-      raise e
-    end
+    super self.class.permit_attribute_params(raw_params)
     @attribute_sortkey ||= {
       'id' => nil,
       'name' => '000',
@@ -144,11 +137,14 @@ class ArvadosBase < ActiveRecord::Base
     # strong_parameters does not provide security in Workbench: anyone
     # who can get this far can just as well do a call directly to our
     # database (Arvados) with the same credentials we use.
+    #
+    # The following permit! is necessary even with
+    # "ActionController::Parameters.permit_all_parameters = true",
+    # because permit_all does not permit nested attributes.
     ActionController::Parameters.new(raw_params).permit!
   end
 
   def self.create raw_params={}
-    logger.error permit_attribute_params(raw_params).inspect
     super(permit_attribute_params(raw_params))
   end