Kevin Gillieron
2012-Apr-27 09:52 UTC
Can''t mass-assign protected attributes even if I use attr_accessible
Hi, I''m working on a Rails 3.2.2 application which has JSON APIs and I use a CLI client for inserting some data. It works fine except for the Author model. When I try to create a new post (Post belongs_to :author and Author has_many :posts) I get the following error : <h1> ActiveModel::MassAssignmentSecurity::Error in PostsController#create </h1> <pre>Can''t mass-assign protected attributes: name</pre> I did lots of searches on the topic but I found no working solution :-( I use attr_accessible to avoid MassAssignent errors and it works for all others models but not for the "Author" name attribute. Here is the Author model : class Author < ActiveRecord::Base attr_accessible :name, :email extend FriendlyId friendly_id :name, use: :slugged # some validations has_many :posts #authlogic acts_as_authentic # some stuffs end Actually, I have disabled whitelist_attributes and it solved my problem but I suppose that is not the convenient way to do this (and probably not a good idea). My question is : Why the attr_accessible does not work here ? And how can I solve the problem without disabling the whitelist ? Thank you, Revan -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Kevin Gillieron
2012-May-01 14:53 UTC
Re: Can''t mass-assign protected attributes even if I use attr_accessible
I found the solution ! :-) The problem was that I used acts_as_taggable_on_steroids plugin which does not work on Rails 3.2 ... Since "Author" is the only model which has a :name attribute, I thought that the problem came from Author ... but the problem was in the Tag model (which is in the acts_as_taggable_on_steroid plugin). Indeed, its :name attribute is not "accessible". So, I use the acts_as_taggable_on gem (https://github.com/mbleigh/acts-as-taggable-on) which correctly works on Rails 3.x -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Apparently Analagous Threads
- Scoped attr_accessible not working?
- MassAssignmentSecurity for multiple contexts
- Ignore attr_accessible in seed file
- attr_accessible on some properties + attr_protected on others makes class 'open-by-default'
- difference between attr_accessor and attr_accessible?