Rails: Save Attribute not working

Question

I have a library (mylib.rb) where I defined some classes and methods. It is available to controllers and views (I verified that).

In mylib.rb, I have:

def admins_filled (params)
  if params[:admin_selections]
    return TRUE
  end
end

def return_admins_json (params)
  admins_list = Array.new
  params[:admin_selection].each do |admin_id|
    admins_list << admin_id
  end
  return JSON.generate (admins_list)
end

In my categories_controller.rb, I have the following:

line 63:  def update
line 64:     @category = Category.find(params[:id])
line 65:    if admins_filled(params)
line 66:      params[:admins] = return_admins_json (params)
line 67:      respond_to do |format|
line 68:        if @category.update_attribute(:admins,params[:admins])
line 69:          format.html { redirect_to @category, notice: 'Category was successfully updated.' }
line 70:          format.json { head :no_content }
line 71:        end
line 72:      end
line 73:    end
line 74:
line 75:    respond_to do |format|
line 76:      if @category.update_attributes(params)
line 77:        format.html { redirect_to @category, notice: 'Category was successfully updated.' }
line 78:        format.json { head :no_content }
line 79:      else
line 80:        format.html { render action: "edit" }
line 81:        format.json { render json: @category.errors, status: :unprocessable_entity }
line 82:      end
line 83:    end
line 84: end

I am getting the following error:

Can't mass-assign protected attributes: utf8, _method, authenticity_token, commit, action, controller, id

Application trace:

app/controllers/categories_controller.rb:75:in `block in update'
app/controllers/categories_controller.rb:63:in `update'

Following are the Request parameters:

Parameters:

{"utf8"=>"✓",
 "_method"=>"put",
 "authenticity_token"=>"2xffx/uGVqo8/4aH7xEes0QL1Exjwa12p9g7HbEmBe0=",
 "admin_selections"=>{"admin1"=>"55",
 "admin2"=>"56",
 "admin3"=>"",
 "admin4"=>"",
 "admin5"=>"",
 "admin6"=>"",
 "admin7"=>"",
 "admin8"=>""},
 "commit"=>"Update Category",
 "id"=>"3",
 "admins"=>"[\"55\",
\"56\",
\"\",
\"\",
\"\",
\"\",
\"\",
\"\"]"}

I was expecting the admins column to be updated, but it looks like all the params are passed. I don't understand what's going on.

Adding categories.rb (model):

class Category < ActiveRecord::Base
  attr_accessible :admin1, :admin2, :admin3, :admin4, :admin5, :admins, :board1, :board10, :board2, :board3, :board4, :board5, :board6, :board7, :board8, :board9, :board_members, :curator1, :curator10, :curator2, :curator3, :curator4, :curator5, :curator6, :curator7, :curator8, :curator9, :curators, :description, :mission_statement, :name
  attr_accessible :admins, :curators, :board_members, :admin_selections
  has_many :events
end

Answer 1

Your error message is telling you exactly what is wrong, it wont let you mass assign.

There's a change in rails 3.2.3 that requires you to allow mass assignment explicitly

config.active_record.whitelist_attributes = false 

See here about the change

Alternatively, instead of allowing mass assignment you can set the attr_accessible for the attributes in your model that you want to be able to change, e.g.

attr_accessible :admin_selection, :commit # etc