Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"RuntimeError occurred in articles#shared" #1077

Open
decentral1se opened this issue Dec 11, 2024 · 2 comments
Open

"RuntimeError occurred in articles#shared" #1077

decentral1se opened this issue Dec 11, 2024 · 2 comments

Comments

@decentral1se
Copy link
Member

decentral1se commented Dec 11, 2024
edited
Loading

Heya 👋 Thanks for all the great work maintaining / developing Foodsoft 💝

This keeps popping up lately, not sure what is the cause!

A RuntimeError occurred in articles#shared:

  Ransack needs SharedArticle attributes explicitly allowlisted as
searchable. Define a `ransackable_attributes` class method in your `SharedArticle`
model, watching out for items you DON'T want searchable (for
example, `encrypted_password`, `password_reset_token`, `owner` or
other sensitive information). You can use the following as a base:

```ruby
class SharedArticle < ApplicationRecord

  # ...

  def self.ransackable_attributes(auth_object = nil)
    ["category", "created_on", "deposit", "id", "manufacturer", "name", "note", "number", "origin", "price", "quantity", "scale_price", "scale_quantity", "srcdata", "supplier_id", "tax", "unit", "unit_quantity", "updated_on", "upload_list"]
  end

  # ...

end
  app/controllers/articles_controller.rb:219:in `shared'


-------------------------------
Request:
-------------------------------

  * URL        : https://foo.org/foo/suppliers/6/articles/shared?name_cont_all_joined=was&article_category%5Bid%5D=
  * HTTP Method: GET
  * IP address : 10.0.0.2
  * Parameters : {"name_cont_all_joined"=>"was", "article_category"=>{"id"=>""}, "controller"=>"articles", "action"=>"shared", "foodcoop"=>"foo", "supplier_id"=>"6"}
  * Timestamp  : 2024-12-03 10:05:34 UTC
  * Server : c31ffba0f865
    * Rails root : /usr/src/app
  * Process: 129
@wvengen
Copy link
Member

wvengen commented Dec 12, 2024

This sounds like Ransack was upgraded to v4, but the code was not fully adapted for breaking changes (see its CHANGELOG; and e.g. this article on why this change was necessary - even though we should have had some mitigations in place already, but that was up to the developer and not enforced as it is with Ransack v4+).

@wvengen
Copy link
Member

wvengen commented Dec 12, 2024

Ransack was updated from v3 to v4 in #1038. I saw no Ransack-related changes here, so I think this was missed in that PR. But we did have ransackable_attributes in place already, also for SharedArticle, so I'm not quite sure why this error occurs. Could it be that there is a search attribute that is not whitelisted here, or that cont_all_joined is not a recognized search operator or so?

foodsoft/app/models/shared_article.rb

Lines 9 to 11 in b2deb0e

def self.ransackable_attributes(_auth_object = nil)
%w[category created_on deposit id manufacturer name note number origin price scale_price scale_quantity supplier_id tax unit unit_quantity updated_on]
end

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wvengen @decentral1se