How is attr accessible used in Rails 4

Question

attr accessible seems to no longer work within my model   What is the way to allow mass assignment in Rails 4

User · Answer

1  Update Devise so that it can handle Rails 4 0 by adding this line to your application s Gemfile   gem  devise    3 0 0 rc     Then execute     bundle   2  Add the old functionality of attr accessible again to rails 4 0  Try to use attr accessible and don t comment this out   Add this line to your application s Gemfile   gem  protected attributes    Then execute     bundle

User · Answer

Rails 4 now uses strong parameters   Protecting attributes is now done in the controller  This is an example   class PeopleController  lt  ApplicationController   def create     Person create person params    end    private    def person params     params require  person  permit  name   age    end end   No need to set attr accessible in the model anymore   Dealing with accepts nested attributes for  In order to use accepts nested attribute for with strong parameters  you will need to specify which nested attributes should be whitelisted   class Person   has many  pets   accepts nested attributes for  pets end  class PeopleController  lt  ApplicationController   def create     Person create person params    end             private    def person params     params require  person  permit  name   age  pets attributes    name   category     end end   Keywords are self-explanatory  but just in case  you can find more information about strong parameters in the Rails Action Controller guide   Note  If you still want to use attr accessible  you need to add protected attributes to your Gemfile  Otherwise  you will be faced with a RuntimeError

User · Answer

We can use   params require  person  permit  name   age    where person is Model  you can pass this code on a method person params  amp  use in place of params  person  in create method or else method

User · Answer

An update for Rails 5   gem  protected attributes     doesn t seem to work anymore  But give   gem  protected attributes continued   a try

User · Answer

If you prefer attr accessible  you could use it in Rails 4 too  You should install it like gem   gem  protected attributes    after that you could use attr accessible in you models like in Rails 3  Also  and i think that is the best way- using form objects for dealing with mass assignment  and saving nested objects  and you can also use protected attributes gem that way  class NestedForm    include  ActiveModel  MassAssignmentSecurity    attr accessible  name                      telephone  as   create params    def create objects params        SomeModel new sanitized params params   create params      end end

[ruby-on-rails] How is attr_accessible used in Rails 4?

Examples related to ruby-on-rails

Examples related to ruby-on-rails-4