When attempting to create on a model with CanCan set as manage: all I am continuously getting this error:
ActiveModel::ForbiddenAttributesError - ActiveModel::ForbiddenAttributesError:
I found a fix online here.
That pastes this code into my applications controller:
before_filter do
resource = controller_name.singularize.to_sym
method = "#{resource}_params"
params[resource] &&= send(method) if respond_to?(method, true)
end
This leads to my issue. I have two models with belongs_to_has_many association and a method that adds an user to a group.
When I want to add an user to a group using add_user which takes the group id and the user object I now get this error.
The routine is called by:
<%= link_to 'Add', add_user_group_path(group: @group, user_id: id) %>
The method looks like this:
def add_user
group = Group.find(params[:id])
user = User.find(params[:user_id])
group.users << user
end
And this is the error:
Parameters: {"group"=>"16", "id"=>"16", "user_id"=>"332"} NoMethodError - undefined method `permit' for "16":String:
What is the before_filter method doing that would cause this error?
================ UPDATE ===================
I ended up figuring it out.
Since the group id is automatically passed in the add_user call from the controller I had to change this line:
<%= link_to 'Add', add_user_group_path(group: @group, user_id: id) %>
to:
<%= link_to 'Add', add_user_group_path(user_id: id) %>
And it now works. Turns out when you pass the @group object the param "group => x" gets parsed weird.
CanCan is not working with Rails4. Use CanCanCan, and you don't need any of these workaround. Just have some following methods just like what we normally do in Rails4.
create_params or update_params (depending on the action you are performing)
_params such as article_params (this is the default convention in rails for naming your param method)
resource_params (a generically named method you could specify in each controller)
Link Here: https://github.com/CanCanCommunity/cancancan