MassAssignmentSecurity Error when using attr_encrypted (attr_encryptor) gem


For my rails 3.2.3 app, I am using attr_encryptor, which is a fork by danpal of attr_encrypted. I have followed the instructions as given here, but I am getting the following error message when I try to create a new Patient record:

ActiveModel::MassAssignmentSecurity::Error in PatientsController#create

Can't mass-assign protected attributes: mrn, last_name, first_name, date_of_birth(1i), date_of_birth(2i), date_of_birth(3i)

As the instructions say, I have added encrypted_#{field}, encrypted_#{field}_salt, and encrypted_#{field}_iv columns to my Patients table while dropping their non-encrypted counterparts.

The Patient model looks like:

class Patient < ActiveRecord::Base
  attr_accessible :age, :gender
  attr_encrypted :last_name, :key => 'key 1'
  attr_encrypted :first_name, :key => 'key 2'
  attr_encrypted :mrn, :key => 'key 3'
  attr_encrypted :date_of_birth, :key => 'key 4'
  # ...
end

My create method in my Patient controller looks like:

class PatientsController < ApplicationController
  # ...
  def create
    @patient = Patient.new
    @patient.first_name = params[:patient][:first_name]
    @patient.last_name = params[:patient][:last_name]
    @patient.mrn = params[:patient][:mrn]
    # Request parameters arrive as strings; Date.new needs integers.
    @patient.date_of_birth = Date.new(params[:patient]['date_of_birth(1i)'].to_i,
                                      params[:patient]['date_of_birth(2i)'].to_i,
                                      params[:patient]['date_of_birth(3i)'].to_i)
    if @patient.save
      # do stuff
    else
      # do other stuff
    end
  end
  # ...
end

What am I doing wrong? Thanks in advance for the help!


There is 1 answer

Richard Cook On

You need to mark these attributes with attr_accessible as well as attr_encrypted since the latter does not imply the former.

This might also be relevant for the date field: Correct way to handle multiparameter attributes corresponding to virtual attributes
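
The whitelist behaviour the answer describes, as an added example that is not part of the original post and is not Rails or attr_encryptor code: a plain-Ruby stand-in showing that declaring an encrypted attribute does not whitelist it for mass assignment. The `Model`, `FixedPatient` and `MassAssignmentError` names, the AES-256-CBC cipher and the SHA-256 key derivation are assumptions made for the demonstration.

```ruby
require 'openssl'
# Plain-Ruby stand-in for the Rails 3.2 whitelist and the gem's macro (assumed
# names, demo cipher); it is not Rails or attr_encryptor code.
class MassAssignmentError < StandardError; end

class Model
  attr_accessor :age, :gender # stand-ins for ordinary columns
  def self.whitelist; @whitelist ||= []; end
  def self.attr_accessible(*names); whitelist.concat(names.map(&:to_s)); end

  # Defines a virtual reader/writer backed by encrypted_<name> and
  # encrypted_<name>_iv. It never adds anything to the whitelist.
  def self.attr_encrypted(name, opts)
    key = OpenSSL::Digest::SHA256.digest(opts[:key]) # demo-only key derivation
    crypt = lambda do |mode, iv, data|
      c = OpenSSL::Cipher.new('aes-256-cbc').send(mode)
      c.key, c.iv = key, iv
      c.update(data) + c.final
    end
    define_method("#{name}=") do |value|
      iv = OpenSSL::Random.random_bytes(16)
      columns["encrypted_#{name}_iv"] = iv
      columns["encrypted_#{name}"] = crypt.call(:encrypt, iv, value.to_s)
    end
    define_method(name) do
      crypt.call(:decrypt, columns["encrypted_#{name}_iv"], columns["encrypted_#{name}"])
    end
  end
  def columns; @columns ||= {}; end

  # Mass assignment: every key must be whitelisted. The "(1i)" suffix of a
  # multiparameter key is stripped for the lookup but kept in the message.
  def initialize(params = {})
    denied = params.keys.map(&:to_s).reject { |k| self.class.whitelist.include?(k.sub(/\(.+/, '')) }
    raise MassAssignmentError, "Can't mass-assign protected attributes: #{denied.join(', ')}" unless denied.empty?
    params.each { |k, v| public_send("#{k}=", v) }
  end
end

class Patient < Model # as in the question: encrypted name not whitelisted
  attr_accessible :age, :gender
  attr_encrypted :mrn, :key => 'key 3'
end

class FixedPatient < Model # per the answer: whitelist the virtual name too
  attr_accessible :age, :gender, :mrn
  attr_encrypted :mrn, :key => 'key 3'
end
```

In this stand-in only hash-based construction is checked against the whitelist; a direct `patient.mrn = value` call goes straight to the encrypting writer.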