chris salvi 7,584 Points
Upgrade to Rails 4.x for treebook went flawlessly until I hit one minor snag
When I log in and try to post a new status, I get the error message screen telling me the following:
Now I assume this must be something new to 4.0 as I followed the video carefully and double checked my create method in my status_controller. I will post a screenshot for assurance.
Anyone know what I need to do here so I can create posts again in the upgraded app?
Matt West 14,545 Points
Yep, you will need to alter the update line as you're doing mass assignment here (altering multiple attributes by passing an object).
set_status method is a nice design pattern to use.
Make sure you have a `before_filter` set up that calls the method before the
You then can remove the first line of your
One note here is that you will need to change the code in your `set_status` method to make sure that nobody can alter other people's statuses. Just use the first line of your current `update` action instead.
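```ruby
# TODO: Add more actions in the array here.
# Anywhere that you need to get the status by ID (i.e. `edit`).
before_filter :set_status, only: [:update]

private

# Looks the status up through the current user's own statuses.
def set_status
  @status = current_user.statuses.find(params[:id])
end
```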
You can also delete the following if you make sure that `user_id` is not listed in your permitted parameters.
if params[:status] && params[:status].has_key?(:user_id)
Matt West 14,545 Points
Rails 4 introduces some changes to how parameters are handled in controllers, specifically when it comes to mass assignments like you're doing here in your
Whereas before attributes were secured in the model using `attr_accessible`, Rails 4 now secures parameters in the controller.
This new feature is called strong parameters. You can read about it here: http://guides.rubyonrails.org/v4.0.8/action_controller_overview.html#strong-parameters
You now need to whitelist parameters used in mass assignments before they can be used in your controller. This change helps to prevent unwanted parameters from making their way into your database queries, making your Rails app more secure.
There are two key changes you'll need to make to your code.
First, create a private `status_params` method that defines the permitted parameters. See the code below for an example.
Make sure you update the parameters listed in the `permit` method to match the attributes of the Status model you need to change.
Second, you need to update your `create` action to use `status_params` instead of `params[:status]` when creating the new status.
Here's a modified example of your code. I don't have the treebook project to hand, so apologies if any of this is off. It should however give you an idea of where you need to make changes.
```ruby
class StatusController < ActionController::Base
  def create
    # You now use status_params instead of params[:status]
    @status = current_user.statuses.new(status_params)
    # The rest of your code in the create action is just fine :)
  end

  # More controller actions in here...

  private

  # TODO: Change the parameters listed within `permit` to match the Status attributes you need to change.
  def status_params
    params.require(:status).permit(:content) # :content is a placeholder attribute name
  end
end
```
Post your full `status_controller.rb` file if you encounter any issues and I'll do my best to help out :)
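
The two safeguards from the answers above (permitting only whitelisted attributes so `user_id` cannot be mass-assigned, and looking the status up through the current user's own statuses), modeled in plain Ruby so it runs without Rails. This is an added example, not code from the thread or from treebook: `StrongParams`, `STATUSES`, `fresh_store`, `unsafe_update` and `safe_update` are hypothetical names, the `:content` attribute and the sample rows are constructed, and `KeyError` stands in for the exceptions Rails would raise.

```ruby
# Framework-free model (assumption: not the Rails implementation).
# StrongParams stands in for params.require(:status).permit(...).
class StrongParams
  def initialize(hash)
    @hash = hash
  end

  # A missing top-level key raises; keys outside the allowlist are dropped.
  def require_and_permit(key, *allowed)
    inner = @hash.fetch(key) { raise KeyError, "param is missing: #{key}" }
    inner.select { |name, _| allowed.include?(name) }
  end
end

# Constructed sample data: status id => row.
STATUSES = {
  1 => { user_id: 10, content: "first user's status" },
  2 => { user_id: 20, content: "second user's status" }
}.freeze

def fresh_store
  STATUSES.each_with_object({}) { |(id, row), copy| copy[id] = row.dup }
end

# Before: unscoped lookup plus raw mass assignment of params[:status].
def unsafe_update(store, _current_user_id, id, params)
  status = store.fetch(id)
  status.merge!(params.fetch(:status))
end

# After: lookup scoped to the owner (the role of current_user.statuses.find)
# and only the permitted attribute assigned.
def safe_update(store, current_user_id, id, params)
  status = store[id]
  unless status && status[:user_id] == current_user_id
    raise KeyError, "status #{id} not found for user #{current_user_id}"
  end
  status.merge!(StrongParams.new(params).require_and_permit(:status, :content))
end

if __FILE__ == $PROGRAM_NAME
  request = { status: { content: "edited", user_id: 10 } } # user 10's request
  p unsafe_update(fresh_store, 10, 2, request) # owner and content both change
  p safe_update(fresh_store, 10, 1, request)   # only content changes
end
```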