I removed mass assignment vulnerability of the below line :
friend = Friend.find(params[:id])
friend.update_attributes(params[:name])
by rewriting it as :
friend = Friend.find(params[:id])
friend.update_attributes(params.permit(:name))
But this gave me this error :
ActiveModel::MassAssignmentSecurity::Error (Can't mass-assign protected attributes for Friend: name):
Unpermitted parameters: id
Any idea why I am getting this error?
Edit :
I added attr_accessible :status_id
and params.permit(:id, :name)
and the error got removed. But is adding attr_accessible
the right way to do it as we write strong params to remove this line, isn't it?
you should do
or put this into an private method
and then call via
edit: i'm assuming that your params look like