Topic: Can't mass-assign protected attributes

I am using rails 3.2.3 with Ruby 1.9.3p125.

I understand Rails has added security to protect against a mass-assignment problem.
Unfortunately, it breaks my app and I can't make it go away.

As per the documentation and other posts, I have done the following:
- Turned the white list off: added config.active_record.whitelist_attributes = false to application.rb
- Made all of the attributes available for updating: added attr_accessible followed by a list of all attributes to the child model's active record class.
- Also added "include ActiveModel::MassAssignmentSecurity" to the child model's class.

But I still get the error "Can't mass-assign protected attributes: TcDatum_attributes"

Is there any way to turn off whatever is producing this error, at least for testing purposes?

Thanks for any help.  --Fred

Re: Can't mass-assign protected attributes

I have discovered part of the problem: declaring that an attribute is accessible actually makes it inaccessible!
In other words, attr_accessible (followed by field list) makes the attributes inaccessible to mass update.

Please kill me now.  The stupidity of this kind has made me come to despise software development.

Re: Can't mass-assign protected attributes

lol! We all get frustrated with our inability to understand what code we need to write. Don't be so quick to blame the tools :)

Did you add the relevant attr_accessible columns on the TcDatum class as well?

What you want and what you need are too often not the same thing!
When your head is hurting from trying to solve a problem, stop standing on it. When you are the right way up you will see the problem differently and you just might find the solution.
(Quote by me 15th July 2009)

Re: Can't mass-assign protected attributes

BTW, attr_accessible is not new to Rails 3. It has been there since at least 2.3.2 and probably longer.


Re: Can't mass-assign protected attributes

As long as you have added the model's attributes to your attr_accessible list you should be able to resolve this error. Can you post your model and its related schema?

An example is a User model with several attributes: name, age, weight.

In your User model you would need to add:

attr_accessible :name, :age, :weight

if you are going to do any kind of mass-assignment.

Hope this helps. Post back if you want more help!

Re: Can't mass-assign protected attributes

Using rails 3.2.5 and ruby 1.9.3p125

I would like to follow up on this if it adds security to my data.

in config/application.rb there is:
config.active_record.whitelist_attributes = true

in model tc_employee.rb I have:
  has_many :TcDatum
  has_many :TcProjects, :through => :TcDatum
  accepts_nested_attributes_for :TcDatum

in model tc_project.rb I have:
  has_many :TcDatum
  has_many :TcEmployees, :through => :TcDatum

in model tc_datum.rb (class TcDatum) I have:
  belongs_to :TcProject
  belongs_to :TcEmployee
  attr_accessible :list-of-all-tc_data fields, including created_at and updated_at

When I edit the child fields from TcDatum using a form created from an employee record and its tc_data child fields, then click 'submit' (Firefox), I get the error:
  Can't mass-assign protected attributes: TcDatum_attributes.

However, if I change config.active_record.whitelist_attributes to false and comment-out all of the attr_accessible lines, load the form then click 'submit', the record is saved without an error.

Is there some way to get the benefits of attr_accessible and accepts_nested_attributes_for together, or are they incompatible?

Thanks for any help --Fred

Re: Can't mass-assign protected attributes

Your relationship declarations seem wrong; relationships should be declared in lower case with underscores.

in model tc_employee.rb I have:
  has_many :tc_datum
  has_many :tc_projects, :through => :tc_datum
  accepts_nested_attributes_for :tc_datum

Should do the trick. Remember to change the relationship declarations in your other models as well.

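
Added example (plain Ruby written for this page; it is not Rails' code and not from any poster in the thread): with a whitelist in force, the parent model has to list the "<association>_attributes" key that accepts_nested_attributes_for creates, and every nested row is still checked against the child's own attr_accessible list. The association name tc_data, the fields hours and tc_project_id, and passing the child class as an argument are assumptions of this sketch.

```ruby
# Plain-Ruby sketch of whitelist mass assignment (constructed; not Rails code).
class MassAssignmentError < StandardError; end
class Model
  attr_reader :values
  def self.whitelist
    @whitelist ||= []
  end
  def self.attr_accessible(*names)
    whitelist.concat(names.map(&:to_s))
  end

  # Defines "<assoc>_attributes="; rows pass through the child's own whitelist.
  def self.accepts_nested_attributes_for(assoc, child_class) # class arg: sketch only
    define_method("#{assoc}_attributes=") do |rows|
      @values[assoc.to_s] = rows.map { |row| child_class.new(row) }
    end
  end

  def initialize(params = {})
    @values = {}
    bad = params.keys.map(&:to_s) - self.class.whitelist
    raise MassAssignmentError, "Can't mass-assign protected attributes: #{bad.join(', ')}" if bad.any?
    params.each do |key, value|
      setter = "#{key}="
      respond_to?(setter) ? send(setter, value) : (@values[key.to_s] = value)
    end
  end
end

class TcDatum < Model
  attr_accessible :hours, :tc_project_id # hypothetical fields; no timestamps
end
class TcEmployeeBroken < Model # nested key missing from the parent whitelist
  attr_accessible :name
  accepts_nested_attributes_for :tc_data, TcDatum
end
class TcEmployee < Model # nested key whitelisted on the parent
  attr_accessible :name, :tc_data_attributes
  accepts_nested_attributes_for :tc_data, TcDatum
end

def try_assign(klass, params) # :saved, or the message of the rejection
  klass.new(params)
  :saved
rescue MassAssignmentError => e
  e.message
end
# Constructed form submissions: a normal one, and one with a forged timestamp.
FORM = { "name" => "Fred", "tc_data_attributes" => [{ "hours" => 8, "tc_project_id" => 3 }] }
FORGED = { "name" => "Fred", "tc_data_attributes" => [{ "hours" => 8, "created_at" => "2000-01-01" }] }
```

In this sketch TcDatum leaves created_at off its list, so the forged row is refused even though the parent accepts the nested key; listing every column, timestamps included, removes that check.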