Search code examples
ruby-on-railsstrong-parametersattr-accessible

Rails 4 validation attr_acessible error

I'm following Micheal Hartl's Ruby on Rails Tutorial Book.I'm testing validation for the presence of name and email in the sample_app.In rails console, I'm running 

user = User.new(:email => "[email protected]")

to test an absent name value but I'm getting in return;

attr_accessible is extracted out of Rails into a gem.
Please use new recommended protection model for params(strong_parameters)
or add 'protected_attributes' to your Gemfile.

My user.rb is,

class User < ActiveRecord::Base

attr_accessible :name, :email

validates :name, :presence => true
validates :email, :presence => true
end

Because I'm not sure how to use strong_parameters I added protected_attributes to my Gemfile like so,

source 'https://rubygems.org'

gem 'protected_attributes'

# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '4.0.2'

# Use sqlite3 as the database for Active Record
gem 'sqlite3'

# Use SCSS for stylesheets
gem 'sass-rails', '~> 4.0.0'

gem 'uglifier', '>= 1.3.0'


gem 'coffee-rails', '~> 4.0.0'


 gem 'therubyracer', platforms: :ruby
gem 'jquery-rails'
gem 'turbolinks'
gem 'jbuilder', '~> 1.2'

group :doc do
 # bundle exec rake doc:rails generates the API under doc/api.
 gem 'sdoc', require: false
end
group :test do
gem 'rspec'
end

group :development do
gem 'rspec-rails'
end


# Use ActiveModel has_secure_password
# gem 'bcrypt-ruby', '~> 3.1.2'

# Use unicorn as the app server
# gem 'unicorn'

# Use Capistrano for deployment
# gem 'capistrano', group: :development

# Use debugger
# gem 'debugger', group: [:development, :test]

How can I get my validation to work?

Solution

  • Micheal Hartl's Ruby on Rails Tutorial Book is using rails3 version. But the project you have made is in rails4.

    Rails4 uses strong parameters. If you want to go with rails3 syntax add the "protected_attributes" gem and do bundle install. What I would suggest is to use the new syntax of rails4 for the same. Instead of using attr_accessible in User model, make a private method in the users_controller.

    private

def user_params
  params.require(:user).permit(:name, :email)
end