rails 4 strong params ForbiddenAttributesError
Try changing your whitelist to handle the multi-part date parameter.:
def competition_params
params.require(:competition).permit(:name, :"date(1i)", :"date(2i)", :"date(3i)", :sex, :category, :country_id, :description, :article, :result)
end
Also, this code doesn't look quite right:
if @competition.save(competition_params)
Assuming you already have a Competition
instance assigned to @competition
- you should use update_attributes
:
if @competition.update_attributes(competition_params)
Otherwise, assign it first:
@competition = Competition.new(competition_params)
if @competition.save
Rails 4 with CanCan: unknown attribute error after including load_and_authorize_resource
Solution came to me in my sleep. Here's what I did to solve the problem:
The only reason comment_params
wasn't normally having a problem on create, was because I was excluding the extra :parent_comment_id
parameter, like this:
@comment = post.comment.create(comment_params.except(:parent_comment_id))
When CanCan used the comment_params
method however, it did no such sanitation. Hence, the problem. It would have been messy to add that sanitation to CanCan on a per-controller basis, so I did what I should have done all along and instead of passing the :parent_comment_id
inside :comment
, I used hidden_field_tag
to pass it outside of :comment
and accessed it through plain, old params
.
I hope this helps someone else who makes a similar mistake!
ForbiddenAttributesError in Rails 4
This was totally an issue where CanCan is incompatible with Rails 4 and had nothing to do with my Station
model or controller.
My workaround was to skip_load_resource
for the create
action.
before_filter :authenticate_user!, :except => [:show, :index]
load_and_authorize_resource :except => [:show, :index]
skip_load_resource :only => [:create]
Bang! Everything turned green.
UPDATE. Check out CanCanCan it´s the continuation of the now dead cancan and features Rails 4 strong parameters support among other things.
Rails 5 - Forbidden Attributes
If there is a load_and_authorize_resource
before action in your controllers, what is happening is that method is taking your parameters and attempting to create an instance before it ever gets to the method. Hence it ignores the strong parameters you have created.
So, of course, it never reaches the method and BAM -- the dreaded FAE.
One remedy is to tweak the before actions...
load_and_authorize_resource :shipment_method, except: [:create]
authorize_resource :shipment_method, only: [:create]
But that is very dull.
The other is to change the name of your strong parameters method to shipment_method_params
...
def shipment_method_params
params.require(:shipment_method).permit(:name, :description, :shipping_url, :active, :supports_tracking, :requires_phone)
end
Because, Rails and its love of conventions. You can also make separate create_params
and update_params
if you have different parameters for those actions.
Strong Attributes exception in rails 3. No idea whats causing it
Based on the stack trace, it looks like the assignment that triggers the error is coming from cancan, not from setting the artist's name. Try temporarily disabling the before_filter that uses cancan and see whether that resolves the issue. If it does, then you need to re-enable it, dig into cancan and figure out how to make it play nicely with strong_parameters. I don't use it myself, but I think there's a fork for Rails 4 called cancancan, which might work with rails 3.2 and strong_parameters as well.
Unrelated to your immediate problem, but you should probably also look at upgrading to the latest version in the Rails 3.2.x series to pick up the different security fixes they've released.
Related Topics
Ruby on Rails - Rack-Cors Multiple Origins with Different Resources
Why Is Foreman Gem Ignoring the Port Environment Variable
Using Rest-Client to Download a File to Disk Without Loading It All in Memory First
Ruby No Implicit Conversion of Fixnum into String (Typeerror)
Rails Console Fails with 'Switch to Inspect Mode' in Windows
Capturing Logger Output Inside a Method
How to Use Ffmpeg on a Remote Machine via Ssh
Ruby Inserting Key, Value Elements in Hash
How Do Get a Random Datetime Rounded to Beginning of Hour in Rails
Bundle Install Tries to Use Cache File
What's the Best Way to Start a Background Process, That Can Get Accessed Later On
Implicit Argument Passing of Super from Method Defined by Define_Method() Is Not Supported
How to Use Present? in Ruby Projects
How to Do Fuzzy Substring Matching in Ruby
Why Does Psych Yaml Interpreter Add Line Breaks Around 80 Characters
How Can a Nested Class Access a Method in The Outer Class in Ruby