Rails - Apr 2012 - Agile Web Development 4th ed. - Can't mass assign.error

I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
picked up the Agile Web Development book and have been working through
it (apologies if this isn''t the correct place for this question but the
pragprog forums don''t seem to work for me).  I am currently working
through the book and have reached the point where I am adding
functionality to an "Add to Cart" button.  Here is the code that was
provided for the ''create'' method in the line_item_controller:

def create

 @cart = current_cart
 product = Product.find(params[:product_id])
 @line_item = @cart.line_items.build(product: product)

...

end

This results in the following error when I click "Add to Cart"

Can''t mass-assign protected attributes: product

Can anyone shed some light on what is going on here (my search-fu has
failed me)?  The only way that I have been able to get this to work is
by changing the code (starting at @line_item) to:

 @line_item = @cart.line_items.build
 @line_item.product = product

Is this correct or is it just a band-aid fix that may cause issues going
forward?

Thanks,

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Quoting Lucas J.
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>:
> I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
> picked up the Agile Web Development book and have been working through
> it (apologies if this isn''t the correct place for this question
but the
> pragprog forums don''t seem to work for me).  I am currently
working
> through the book and have reached the point where I am adding
> functionality to an "Add to Cart" button.  Here is the code that
was
> provided for the ''create'' method in the
line_item_controller:
> 
> def create
> 
>  @cart = current_cart
>  product = Product.find(params[:product_id])
>  @line_item = @cart.line_items.build(product: product)
> 
> ...
> 
> end
> 
> This results in the following error when I click "Add to Cart"
> 
> Can''t mass-assign protected attributes: product
> 
> Can anyone shed some light on what is going on here (my search-fu has
> failed me)?  The only way that I have been able to get this to work is
> by changing the code (starting at @line_item) to:
> 
>  @line_item = @cart.line_items.build
>  @line_item.product = product
> 
> Is this correct or is it just a band-aid fix that may cause issues going
> forward?
> 
This is a correct way to do it now.  And probably the best way to move forward
with the tutorial right now.  The newest releases of Rails have made
mass-assign protection the default.  Without it you have a security risk.  You
can learn more by Googling "Rails mass assign".  Save it for after you
complete the book.

HTH,
  Jeffrey

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Apr 8, 2012, at 1:14 , Lucas J. wrote:
> I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
> picked up the Agile Web Development book and have been working through
> it (apologies if this isn''t the correct place for this question
but the
> pragprog forums don''t seem to work for me).  I am currently
working
> through the book and have reached the point where I am adding
> functionality to an "Add to Cart" button.  Here is the code that
was
> provided for the ''create'' method in the
line_item_controller:
> 
> def create
> 
> @cart = current_cart
> product = Product.find(params[:product_id])
> @line_item = @cart.line_items.build(product: product)
> 
> ...
> 
> end
> 
> This results in the following error when I click "Add to Cart"
> 
> Can''t mass-assign protected attributes: product
> 
> Can anyone shed some light on what is going on here (my search-fu has
> failed me)?  The only way that I have been able to get this to work is
> by changing the code (starting at @line_item) to:
> 
> @line_item = @cart.line_items.build
> @line_item.product = product
> 
> Is this correct or is it just a band-aid fix that may cause issues going
> forward?
> 
> Thanks,
what about use google a bit? there''s about 2.460.000 resuls for
"Can''t mass-assign protected attributes:" query

set attr_accessible in your model(s)

tom

-- 
==============================================================================Tomas
Meinlschmidt, MS {MCT, MCP+I, MCSE, AER}, NetApp Filer/NetCache

www.meinlschmidt.com  www.maxwellrender.cz  www.lightgems.cz
==============================================================================
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Thanks, Jeffrey.  I just wanted to ensure that I was on the right track 
and that I wasn''t setting myself up for more problems later.

Tom - I tried google first (I always do).  My attributes are already set 
to attr_accessible in my models (there are only three at this point), 
which is why I was so confused.  I''m sure there''s something
I''m
overlooking but I''m not going to spend too much more time on it since I
have a working solution at this point.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Apr 8, 3:11 am, "Lucas J."
<li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
> Thanks, Jeffrey.  I just wanted to ensure that I was on the right track
> and that I wasn''t setting myself up for more problems later.
>
> Tom - I tried google first (I always do).  My attributes are already set
> to attr_accessible in my models (there are only three at this point),
> which is why I was so confused.  I''m sure there''s
something I''m
> overlooking but I''m not going to spend too much more time on it
since I
> have a working solution at this point.
>
If you want to be able to do line_items.build(product: p) you need to
mark product as attr_accessible too. The mass assignment stuff doesn''t
know what things are database attributes, virtual attributes,
associations etc.

Fred

> --
> Posted viahttp://www.ruby-forum.com/.
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

maybe you miss the code in the book:

file: line_item.rb
belong_to :product
belong_to :cart

then, the line_item has the attr product.




On Sunday, April 8, 2012 7:14:31 AM UTC+8, Ruby-Forum.com User
wrote:
>
> I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
> picked up the Agile Web Development book and have been working through
> it (apologies if this isn''t the correct place for this question
but the
> pragprog forums don''t seem to work for me).  I am currently
working
> through the book and have reached the point where I am adding
> functionality to an "Add to Cart" button.  Here is the code that
was
> provided for the ''create'' method in the
line_item_controller:
>
> def create
>
>  @cart = current_cart
>  product = Product.find(params[:product_id])
>  @line_item = @cart.line_items.build(product: product)
>
> ...
>
> end
>
> This results in the following error when I click "Add to Cart"
>
> Can''t mass-assign protected attributes: product
>
> Can anyone shed some light on what is going on here (my search-fu has
> failed me)?  The only way that I have been able to get this to work is
> by changing the code (starting at @line_item) to:
>
>  @line_item = @cart.line_items.build
>  @line_item.product = product
>
> Is this correct or is it just a band-aid fix that may cause issues going
> forward?
>
> Thanks,
>
> -- 
> Posted via http://www.ruby-forum.com/.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/83006756-e583-4fd6-8447-5deb2a82bc3f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.