Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Ruby

Posted by Glenn Harris
Glenn Harris
7,101 Points

Devise, Ruby 4, attr_accessible

I'm using Rails 4.0.1 and I know the Treebook app in the videos was built with an earlier version.

When installing devise I'd get an error when trying to attr_accessible to models/status.rb. I googled the error and learned that it's because "ActiveModel::MassAssignmentSecurity" has been taken out of ActiveModel and that now Rails 4 uses strong_parameters.

Because I am a beginner I'm having difficulty troubleshooting and finding a way to use the new model with devise. I'd prefer not to downgrade my version of Rails.

Can anyone help?

3 Answers

Lillian Flora
Lillian Flora
7,936 Points
Lillian Flora
Lillian Flora
7,936 Points

In Rails 4 you no longer set attr_accessible in the model, instead you protect the attributes in the controller like this:

private

    def users_params
       params.require(:user).permit(:name, :email, :password, :password_confirmation)
    end
Kirill Kovalchuk
Kirill Kovalchuk
2,533 Points

Just to fullfill the answer:

In Rails 4 to permit passing certain params to a model, you have to whitelist them. How devise plays with them in described in the devise documentation here You can find more about strong parameters at rails documentation here

This is what I did when I've been walking through the Build a Simple Ruby on Rails Application:

  before_filter :configure_permitted_parameters, if: :devise_controller?                                                                                                                   

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u| 
      u.permit :first_name, :last_name, :password_confirmation, :password, :email
    end 
  end
Kirill Kovalchuk
Kirill Kovalchuk
2,533 Points

Sorry for formatting (just copied it from vim) and it seems like there are lots of whitespaces there.

BTW, can not edit the posting...

Hethe Berg
Hethe Berg
6,963 Points 
class ApplicationController < ActionController::Base
    # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_filter :configure_permitted_parameters, if: :devise_controller?


protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( :first_name, :last_name, :profile_name, :password_confirmation, :password, :email ) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit( :profile_name, :password, :email ) }
  end

end
Hethe Berg
Hethe Berg
6,963 Points
Hethe Berg
Hethe Berg
6,963 Points

For Rails 4 and Devise:

It's tricky for me as I'm a noob. It's a two part solution for the controller page: Works for me, FYI, I use a :profile_name here and you may not

class ApplicationController < ActionController::Base
    # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_filter :configure_permitted_parameters, if: :devise_controller?


protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( :first_name, :last_name, :profile_name, :password_confirmation, :password, :email ) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit( :profile_name, :password, :email ) }
  end

end
John Steer-Fowler
PLUS
John Steer-Fowler
Courses Plus Student 11,734 Points
John Steer-Fowler
John Steer-Fowler
Courses Plus Student 11,734 Points

Hi there Glenn,

I recommend that you downgrade your version of rails to 3 to follow along with the tutorials, it makes it a lot more simple.

However, if you really want to continue the way you are, I believe you do not need to do anything for attr_accessible, it is built into rails 4.

Hope this helps