r123454321

Reputation: 3403

Using ActiveAdmin to edit/create Users -- ForbiddenAttributesError

So I've gone through the Rails tutorial here:

http://ruby.railstutorial.org/ruby-on-rails-tutorial-book

and am trying to get ActiveAdmin to be able to delete Users. Via the tutorial, my User model has_secure_password and also has a remember_token attribute. Consequently, when I go to my ActiveAdmin Users page and try to edit a User, the fields that are to be filled in are: Username, Email, Password Digest, Remember Token.

When I, for instance, modify the name field and try to submit the edit request, I get an ActiveModel::ForbiddenAttributesError. This happens when I try to create a User as well. I'm thinking this obviously has something to do with my authentication/password setup, but being fairly new to Rails, I'm not sure where to start looking. Any ideas?

EDIT: I tried adding this to my app/admin/user.rb file:

controller do
  def resource_params
    return [] if request.get?
    [ params.require(:active).permit(:name, :email, :password_digest, :remember_token) ]
  end
end

and this error in my stack trace disappears:

Unpermitted parameters: utf8, _method, authenticity_token, commit, id

Now, when I hit update within ActiveAdmin, I no longer get a ForbiddenAttributesError. Instead, the page reloads, but the changes aren't committed, and I get this message in my terminal:

 Started PATCH "/admin/users/59" for ...
 ...
 ...
 (0.1ms)  begin transaction
 User Exists (0.5ms)  SELECT 1 AS one FROM "users" WHERE (LOWER("users"."email") = LOWER('[email protected]') AND "users"."id" != 59) LIMIT 1
 (0.2ms)  rollback transaction

This is my users_controller.rb:

def update
  @active = Active.find(params[:id])
  if @active.update_attributes(active_params)
    flash[:success] = "Profile updated"
    redirect_to @active
  else
    render 'edit'
  end
end

private

  def active_params
    return [] if request.get?
    [ params.require(:active).permit(:name, :email, :password_digest, :remember_token) ]
  end

Upvotes: 4

Views: 7699

Answers (3)

Abel O'Ryan

Reputation: 4242

User.rb for ActiveAdmin example

In this case, User has_one :account

ActiveAdmin.register User do
  config.batch_actions = false

  # Your params here
  permit_params :first_name, :last_name, :email,
    :born_date, :password, :password_confirmation, :account,
    account_attributes: [:country_id, :university_id, :english_level]

  # stuff

end

Upvotes: 0

seanlinsley

Reputation: 3195

This is an existing problem with Active Admin: https://github.com/gregbell/active_admin/issues/2595

Which is a symptom of setting:

config.action_controller.action_on_unpermitted_parameters = :raise

I don't know of a solution as of yet, and as you can see no one has commented on that ticket. The most expedient option would be not to :raise on unpermitted parameters, but to use the default behavior of skipping over them.

Upvotes: 4

Richard Peck

Reputation: 76774

I don't know ActiveAdmin specifically, but your error says you're not permitting your id param.


Params

You've got your params like this:

params.permit user: [:name, :email, :password_digest, :remember_token ]

I'd start by trying this:

params.require(:user).permit(:name, :email, :password_digest, :remember_token)

ActiveAdmin

How to get ActiveAdmin to work with Strong Parameters?

According to this question, you'll need to look at the official documentation and may be able to try this:

   config.before_filter do
       params.permit!
   end

Upvotes: 5
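
Added example (not part of any answer above, and not Rails or ActiveAdmin code): a plain-Ruby stand-in for strong-parameter filtering that runs the three approaches discussed on this page over one constructed PATCH request, showing where the "Unpermitted parameters" list comes from and what reaches the model in each case. The helper names, the sample request and the allow-list (which leaves out password_digest and remember_token) are assumptions made for illustration.

```ruby
# Simplified stand-in for strong-parameter filtering; this is not Rails' implementation.
class UnpermittedParameters < StandardError; end

# Constructed sample of what the admin edit form sends on PATCH /admin/users/59.
REQUEST_PARAMS = {
  "utf8" => "\u2713", "_method" => "patch",
  "authenticity_token" => "constructed-csrf-token",
  "commit" => "Update User", "id" => "59",
  "user" => {
    "name" => "New Name", "email" => "user@example.test",
    "password_digest" => "constructed-digest",
    "remember_token" => "constructed-remember-token"
  }
}.freeze

# Assumed allow-list: the plain password fields, never the stored digest or token.
ALLOWED = %w[name email password password_confirmation].freeze

# Keep allow-listed keys. Mode :skip drops the rest silently, :raise rejects the request.
def permit(hash, allowed, mode)
  extra = hash.keys - allowed
  raise UnpermittedParameters, extra.join(", ") if mode == :raise && extra.any?
  hash.slice(*allowed)
end

# Models params.permit(user: [...]): the top level of the request is checked too.
def top_level_attributes(params, mode)
  permit(permit(params, ["user"], mode).fetch("user"), ALLOWED, mode)
end

# Models params.require(:user).permit(...): only the nested hash is checked.
def scoped_attributes(params, mode)
  permit(params.fetch("user"), ALLOWED, mode)
end

# Models params.permit!: every submitted key reaches the model.
def permit_all(params)
  params.fetch("user").dup
end

if __FILE__ == $PROGRAM_NAME
  p scoped_attributes(REQUEST_PARAMS, :skip)
  p permit_all(REQUEST_PARAMS).keys
  begin
    top_level_attributes(REQUEST_PARAMS, :raise)
  rescue UnpermittedParameters => e
    puts "Unpermitted parameters: #{e.message}"
  end
end
```

In ActiveAdmin the corresponding allow-list is declared with permit_params, as in the first answer.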
