Reputation: 515
ActiveModel::ForbiddenAttributesError in comments controller
I have a comments controller and a products controller. It fails on the create action of the comments controller with a Forbidden Attributes error.
I have removed all the attr_accessible from the models and moved them to the controller. Still something is wrong. I can't figure out what. Please can anyone tell me what I am missing.
@comment = @commentable.comments.new(params[:comment]) <--- Fail here
Live Shell o/p from Better Errors :
>> params[:comment]
=> {"content"=>"thanks"}
>> @commentable
=> #<Product id: 1, title: "Coffee Mug", description: "<p> This coffee mug blah blah", image_url: "http://coffee.com/en/8/82/The_P...", price: #<BigDecimal:7ff8769a9e00,'0.999E1',18(45)>, tags: nil, created_at: "2014-02-24 14:49:34", updated_at: "2014-02-24 14:49:34">
>> @commentable.comments
=> #<ActiveRecord::Associations::CollectionProxy []>
>> @commentable.comments.new(params[:comment])
!! #<ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError>
>>
Comment Controller :
class CommentsController < ApplicationController
def new
@comment = @commentable.comments.new
end
def create
@comment = @commentable.comments.new(params[:comment]) <-- fail here
if @comment.save
redirect_to product_path(params[:product_id])
else
render :new
end
end
def comments_params
params.require(:comments).permit(:commentable, :product_id, :content)
end
Product Controller :
class ProductsController < ApplicationController
def show
@product = Product.find(params[:id])
@commentable = @product
@comments ||= Comment.where(:commentable_id => params[:id])
@comment = Comment.new
end
def product_params
params.require(:product).permit(:title, :description, :image_url, :price, :tags, comments_attributes: [:product_id, :content])
end
Models : product.rb
class Product < ActiveRecord::Base
has_many :comments, as: :commentable
accepts_nested_attributes_for :comments
end
comment.rb
class Comment < ActiveRecord::Base
belongs_to :commentable, polymorphic: true
end
Upvotes: 2
Views: 682
Answers (1)
Reputation: 53038
I am guessing that you are using Rails4 as you have implemented comments_params method.
In Rails 4, strong parameters is used to move mass-assignment protection out of the model and into the controller. You have implemented the method comments_params but are not using it.
Replace
@comment = @commentable.comments.new(params[:comment])
with
@comment = @commentable.comments.new(comments_params)
Also, update comments_params as follows
def comments_params
params.require(:comment).permit(:commentable, :product_id, :content)
end
NOTE: require singular :comment and not plural :comments
Upvotes: 6
Related Questions
- ActiveModel::ForbiddenAttributesError on comments scaffold for blog
- Ruby on Rails: ActiveModel::ForbiddenAttributesError with strong params
- ActiveModel::ForbiddenAttributesError when tried to add new comment
- Adding Comments to a Model and Strong Parameters in Rails 4 Throwing an Error
- How to get past this error ActiveModel::ForbiddenAttributesError, I need comments able to be posted
- ActiveModel::ForbiddenAttributesError in CommentsController#create
- ActiveModel::ForbiddenAttributesError - strong parameters
- ActiveModel::ForbiddenAttributesError Ruby On Rails
- ActiveModel::ForbiddenAttributesError why Rails ignore Strong_params?
- Params Error (ActiveModel::ForbiddenAttributesError)