I am brand new to Ruby on Rails. I am using ActiveAdmin and I have a problem with creating an AdminUser.
ActiveModel::ForbiddenAttributesError in Admin::AdminUsersController#create
ActiveModel::ForbiddenAttributesError
Request
Parameters:
{"utf8"=>"✓",
 "authenticity_token"=>"nvV++6GNTdA/nDzw1iJ6Ii84pZPcv2mzg0PK2Cg9Ag0=",
 "admin_user"=>{"email"=>"[email protected]"},
 "commit"=>"Create Admin user"}
Rails 4.1.0
activeadmin 1.0.0
ruby 2.1
app/admin/admin_user.rb
ActiveAdmin.register AdminUser do
  index do
    column :email
    column :current_sign_in_at
    column :last_sign_in_at
    column :sign_in_count
    default_actions
  end
  form do |f|
    f.inputs "Admin Details" do
      f.input :email
    end
    f.actions
  end
end
app/models/admin_user.rb
class AdminUser < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable
  after_create { |admin| admin.send_reset_password_instructions }
  def password_required?
    new_record? ? false : super
  end
end
Gemfile
source 'https://rubygems.org'
gem 'rails', '4.1.0'
gem 'sqlite3'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails'
gem 'turbolinks'
gem 'jbuilder', '~> 2.0'
gem 'activeadmin', github: 'gregbell/active_admin'
gem 'polyamorous', github: 'activerecord-hackery/polyamorous'
gem 'ransack', github: 'activerecord-hackery/ransack'
gem 'formtastic', github: 'justinfrench/formtastic'
gem 'devise'
gem 'sdoc', '~> 0.4.0', group: :doc
config/environments/development.rb
Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.
  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false
  # Do not eager load code on boot.
  config.eager_load = false
  # Show full error reports and disable caching.
  config.consider_all_requests_local = true
  config.action_controller.perform_caching = false
  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false
  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log
  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load
  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true
  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
  config.assets.raise_runtime_errors = true
  # Raises error for missing translations
  # config.action_view.raise_on_missing_translations = true
  # Sending emails works
  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
end
Rails 4 uses strong parameters, which moves attribute whitelisting from the model to the controller. It is necessary to specify the attributes that you would like to be saved in the database. You have not permitted the attributes in your code, which is why you are receiving the ActiveModel::ForbiddenAttributesError.
Refer to the documentation of ActiveAdmin: Setting up Strong Parameters
You can set up strong parameters in the following way, using the permit_params method, which creates a method called permitted_params; use this method when overriding create or update actions:
ActiveAdmin.register AdminUser do
  ## ...
  permit_params :attr1, :attr2 ## Add this line
end
Replace :attr1, :attr2, etc. with the actual attribute names that you want to whitelist. For example: :email
What you're seeing is a security feature of newer versions of Rails. You will have to create a whitelist for the attributes which can be updated by the params as entered by the user. Otherwise, you will have to set each value manually.
Here's a sample of whitelisting certain params:
ActiveAdmin.register Post do
  permit_params :title, :content, :publisher_id
end
See the ActiveAdmin docs on the subject: https://github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters
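A simplified model of the check both answers describe, added here as an example (it is not code from the answers, Rails or ActiveAdmin). The classes `ForbiddenAttributes`, `SketchParams` and `SketchAdminUser` and the request values are constructed stand-ins in plain Ruby; the extra `sign_in_count` field plays the role of an attribute the form never offered.

```ruby
# Simplified, stdlib-only model of the strong-parameters check (not Rails' code).
# All class and method names below are hypothetical stand-ins.
class ForbiddenAttributes < StandardError; end

class SketchParams
  attr_reader :permitted

  def initialize(hash, permitted = false)
    @hash = hash
    @permitted = permitted
  end

  # Return a copy holding only whitelisted keys, marked safe for assignment.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    SketchParams.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end

  def to_h
    @hash.dup
  end
end

class SketchAdminUser
  attr_reader :attributes

  # Mass assignment refuses any parameter set that was never whitelisted.
  def initialize(params)
    raise ForbiddenAttributes unless params.permitted

    @attributes = params.to_h
  end
end

# Constructed request body: the form's email plus a field the form never offered.
def sample_request
  SketchParams.new({ "email" => "new.admin@example.test", "sign_in_count" => "9999" })
end

# Mirrors the failing create action in the question: raw params go to the model.
def create_without_whitelist
  SketchAdminUser.new(sample_request)
  :created
rescue ForbiddenAttributes
  :forbidden
end

# Mirrors the fix: only :email is permitted, so the extra field is dropped.
def create_with_whitelist
  SketchAdminUser.new(sample_request.permit(:email)).attributes
end
```

The whitelist does two jobs at once: it unblocks the create action, and it discards any attribute the client added to the request that the form was never meant to set.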