I seem to be missing something obvious, but I am unable to permit the attributes for a nested has_one association.
def create
@crossword = Crossword.new(crossword_params)
if @crossword.save
render :show, status: :created, location: [:api, @crossword]
else
render json: @crossword.errors, status: :unprocessable_entity
end
end
def crossword_params
params.require(:crossword).permit(:title, :grid_size, grid_size_attributes: [:rows, :columns])
end
validates :title, :grid_size, presence: true
validates_associated :grid_size
has_one :grid_size
accepts_nested_attributes_for :grid_size
POST /api/crosswords.json HTTP/1.1
X-Accept: application/crosswords.v1
Content-Type: application/json
Host: localhost:3000
Connection: close
User-Agent: Paw/2.1 (Macintosh; OS X/10.10.0) GCDHTTPRequest
Content-Length: 83
{"crossword":{"title":"My Aweosme Crossword","grid_size":{"rows":15,"columns":15}}}
Started POST "/api/crosswords.json" for 127.0.0.1 at 2014-12-19 11:05:13 -0500
Processing by Api::V1::CrosswordsController#create as JSON
Parameters: {"crossword"=>{"title"=>"My Aweosme Crossword", "grid_size"=>{"rows"=>15, "columns"=>15}}}
Can't verify CSRF token authenticity
Unpermitted parameters: grid_size
(0.1ms) BEGIN
(0.1ms) ROLLBACK
Completed 422 Unprocessable Entity in 2ms (Views: 0.1ms | ActiveRecord: 0.2ms)
Am I missing something trivial? This seems to be how everyone is saying to do it.
Change "grid_size" to "grid_size_attributes" in your POST body.
If you want to continue to use "grid_size", update your crossword_params method:
def crossword_params
params[:crossword][:grid_size_attributes] = params[:crossword][:grid_size] if params[:crossword][:grid_size]
# NOTE :grid_size removed!
params.require(:crossword).permit(:title, grid_size_attributes: [:rows, :columns])
end