Using ActiveAdmin to edit/create Users -- ForbiddenAttributesError

Question

So I've gone through the Rails tutorial here:

http://ruby.railstutorial.org/ruby-on-rails-tutorial-book

and am trying to get ActiveAdmin to be able to delete Users. Via the tutorial, my User model has_secure_password and also has a remember_token attribute. Consequently, when I go to my ActiveAdmin Users page and try to edit a User, the fields that are to be filled in are: Username, Email, Password Digest, Remember Token.

When I, for instance, modify the name field and try to submit the edit request, I get a ActiveModel::ForbiddenAttributesError. This happens when I try to create a User as well. I'm thinking this obviously has something to do with my authentication/password setup, but being fairly new to Rails, I'm not sure where to start looking. Any ideas?

EDIT: I tried adding this to my app/admin/user.rb file:

controller do
  def resource_params
    return [] if request.get?
    [ params.require(:active).permit(:name, :email, :password_digest, :remember_token) ]
  end
end

and this error in my stack trace disappears:

Unpermitted parameters: utf8, _method, authenticity_token, commit, id

Now, when I hit update within ActiveAdmin, I no longer get a ForbiddenAttributesError. Instead, the page reloads, but the changes aren't committed, and I get this message in my terminal:

 Started PATCH "/admin/users/59" for ...
 ...
 ...
 (0.1ms)  begin transaction
 User Exists (0.5ms)  SELECT 1 AS one FROM "users" WHERE (LOWER("users"."email") = LOWER('[email protected]') AND "users"."id" != 59) LIMIT 1
 (0.2ms)  rollback transaction

This is my users_controller.rb:

def update
  @active = Active.find(params[:id])
  if @active.update_attributes(active_params)
    flash[:success] = "Profile updated"
    redirect_to @active
  else
    render 'edit'
  end
end

private

  def active_params
    return [] if request.get?
    [ params.require(:active).permit(:name, :email, :password_digest, :remember_token) ]
  end

Answer 1

I don't know ActiveAdmin specifically, but your error says you're not permitting your id param

---

Params

You've got your params like this:

params.permit user: [:name, :email, :password_digest, :remember_token ]

I'd start by trying this:

params.require(:user).permit(:name, :email, :password_digest, :remember_token)

---

ActiveAdmin

How to get ActiveAdmin to work with Strong Parameters?

According to this question, you'll need to look at the official documentation and may be able to try this:

   config.before_filter do
       params.permit!
   end