ActiveModel ForbiddenAttributesError when creating new user

Question

I have this model in Ruby but it throws a ActiveModel  ForbiddenAttributesError  class User  lt  ActiveRecord  Base   attr accessor  password   validates  username   presence   gt  true   uniqueness   gt  true   length   gt    in   gt  3  20    VALID EMAIL REGEX     A  w  -     a-z d -      a-z   z i   validates  email  presence  true   uniqueness   gt  true  format    with  VALID EMAIL REGEX      validates  password   confirmation   gt  true   validates length of  password   in   gt  6  20   on   gt   create    before save  encrypt password   after save  clear password    def encrypt password     if password present        self salt   BCrypt  Engine generate salt       self encrypted password  BCrypt  Engine hash secret password  salt      end   end    def clear password     self password   nil   end end   when I run this action    def create      user   User new params  user       if  user save       flash  notice     You Signed up successfully        flash  color    valid      else       flash  notice     Form is invalid        flash  color    invalid      end     render  new    end   on ruby 1 9 3p194  2012-04-20 revision 35410   x86 64-linux    Can you please tell me how to get rid of this error or establish a proper user registration form

User · Answer

If you are on Rails 4 and you get this error, it could happen if you are using enum on the model if you've defined with symbols like this:

class User
  enum preferred_phone: [:home_phone, :mobile_phone, :work_phone]
end

The form will pass say a radio selector as a string param. That's what happened in my case. The simple fix is to change enum to strings instead of symbols

enum preferred_phone: %w[home_phone mobile_phone work_phone]
# or more verbose
enum preferred_phone: ['home_phone', 'mobile_phone', 'work_phone']

User · Answer

For those using CanCan  People might be experiencing this if they use CanCan with Rails 4   Try AntonTrapps s rather clean workaround solution here until CanCan gets updated   In the ApplicationController   before filter do   resource   controller name singularize to sym   method      resource  params    params resource   amp  amp   send method  if respond to  method  true  end   and in the resource controller  for example NoteController    private def note params   params require  note  permit  what   ever  end   Update   Here s a continuation project for CanCan called CanCanCan  which looks promising   CanCanCan

User · Answer

I guess you are using Rails 4  If so  the needed parameters must be marked as required   You might want to do it like this   class UsersController  lt  ApplicationController    def create      user   User new user params              end    private    def user params     params require  user  permit  username   email   password   salt   encrypted password    end end

User · Answer

There is an easier way to avoid the Strong Parameters at all  you just need to convert the parameters to a regular hash  as   unlocked params   ActiveSupport  HashWithIndifferentAccess new params   model create  unlocked params    This defeats the purpose of strong parameters of course  but if you are in a situation like mine  I m doing my own management of allowed params in another part of my system  this will get the job done

User · Answer

Alternatively you can use the Protected Attributes gem  however this defeats the purpose of requiring strong params  However if you re upgrading an older app  Protected Attributes does provide an easy pathway to upgrade until such time that you can refactor the attr accessible to strong params

User · Answer

If using ActiveAdmin don t forget that there is also a permit params in the model register block   ActiveAdmin register Api  V1  Person do   permit params  name   address   etc end   These need to be set along with those in the controller   def api v1 person params   params require  api v1 person  permit  name   address   etc  end   Otherwise you will get the error   ActiveModel  ForbiddenAttributesError

User · Answer

For those using CanCanCan   You will get this error if CanCanCan cannot find the correct params method   For the  create action  CanCan will try to initialize a new instance with sanitized input by seeing if your controller will respond to the following methods  in order     create params  lt model name gt  params such as article params  this is the default convention in rails for naming your param method  resource params  a generically named method you could specify in each controller    Additionally  load and authorize resource can now take a param method option to specify a custom method in the controller to run to sanitize input   You can associate the param method option with a symbol corresponding to the name of a method that will get called   class ArticlesController  lt  ApplicationController   load and authorize resource param method   my sanitizer    def create     if  article save         hurray     else       render  new     end   end    private    def my sanitizer     params require  article  permit  name    end end   source  https   github com CanCanCommunity cancancan 33-strong-parameters

[ruby-on-rails] ActiveModel::ForbiddenAttributesError when creating new user

Examples related to ruby-on-rails

Examples related to rails-activerecord