Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community!

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Ruby Build a Simple Ruby on Rails Application Creating an Authentication System Generating the Devise Views

attr_accessible depreciated

I'm using rails 4.1.0 with ruby 2.1.1 and the attr_accessible no longer works in this version. what is the new way of doing this?

5 Answers

Chris Dziewa
Chris Dziewa
17,781 Points

Although I haven't actually done this transition, I know there are two ways to proceed. Either you can install the rails version and simple_form/bootstrap versions used by the tutorial and follow it exactly as is, or you can do a lot of googling and searching the forums here for information about the hiccups you face. To fix attr_accessible you want to learn about strong parameters which is the new way of protecting your forms. This blog post may be a good starting point, also there have been quite of posts about this here in the forum and probably on Stack Overflow too.

Andrzej Mega
Andrzej Mega
1,184 Points

I'm having the same problem.

First I had a problem with updating the "user_id" when editing the status. after fixing that with a solution from this post : https://teamtreehouse.com/forum/nilnilclass-ruby-400 - I was able to EDIT the user_id.

Now it saves, and it works, BUT... I cannot call any of the @status.user.xxxxxxxx parameters outsite the SHOW page. So if I'm on the Index page - I get the usual error of: NoMethodError in Statuses#index undefined method `user' for nil:NilClass

Is there anything else I need to add to the status_controller.rb file ??


ALSO - i forgot to mention that to save ALL fields when registering I had to modify the application_controller.rb file with suggestion from the DEVISE documentation . so added this code to it:

before_filter :configure_permitted_parameters, if: :devise_controller? protected def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:first_name, :last_name, :profile_name, :email, :password, :password_confirmation)} end

I found a ruby gem that allows you to still use attr_accessible in rails 4


Andrzej Mega
Andrzej Mega
1,184 Points

Thanks, I still would like to find out how to fix this without a workaround though :)

Same! Can anyone shed some light on how to define new methods with strong params.

its easy enough to add feilds as above:

before_filter :configure_permitted_parameters, if: :devise_controller?


def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :first_name, :last_name, :password, :password_confirm, :user_id) } end

But to define first_name and last name as 'full_name' you would need to add something like,

def full_name first_name + " " + last_name end

I've tried this in the controllers as suggested by the strong parameters documentation on api.rubyonrails.org, I am still getting an undefined method error as above.

I am interested in learning ruby on rails, not simple building a treebook app, I understand there is an gem to use attr_accessible however they must have removed it from rails for a reason (assuming it wasn't as secure) so does anyone know the trick to defining methods with strong params?


Chris Dziewa
Chris Dziewa
17,781 Points

Try the link in my above post for converting to strong parameters.