Strong params in rails

Question

Strong params in rails

357 views Asked by Hellboy At 25 October 2024 at 22:50

I removed mass assignment vulnerability of the below line :

friend = Friend.find(params[:id])
friend.update_attributes(params[:name])

by rewriting it as :

friend = Friend.find(params[:id])
friend.update_attributes(params.permit(:name))

But this gave me this error :

ActiveModel::MassAssignmentSecurity::Error (Can't mass-assign protected attributes for Friend: name):
Unpermitted parameters: id

Any idea why I am getting this error?

Edit :

I added attr_accessible :status_id and params.permit(:id, :name) and the error got removed. But is adding attr_accessible the right way to do it as we write strong params to remove this line, isn't it?

Original Q&A

There are 3 answers

**rob** · Answer 1 · 2015-06-16 18:23:22

you should do

friend.update_attributes(params.require(:friend).permit(:name))

or put this into an private method

private
def object_params
  params.require(:friend).permit(:name)
end

and then call via

friend.update_attributes object_params

edit: i'm assuming that your params look like

{friend:{name:'xxxxx'},id:xx}

**WhyEnBe** · Answer 2 · 2015-06-16 15:57:27

WhyEnBe On 16 June 2015 at 15:57

Try updating your code as friend.update_attributes(params.permit(:name, :id)) to allow that parameter.

**Chitra** · Answer 3 · 2015-06-17 15:47:59

Don't write the attr_accessible in model, Rails 4 uses the strong parameter.

Try this code .

friend = Friend.find(params[:id])
friend.update_attributes(friend_params)

private

  def friend_params    
    params.require(:friend).permit!    
  end

TechQA.

Strong params in rails

There are 3 answers

Related Questions in RUBY-ON-RAILS

Related Questions in SECURITY

Related Questions in RUBY-ON-RAILS-4

Related Questions in MASS-ASSIGNMENT

Popular Questions

Popular Tags

Trending Questions