Can't mass-assign protected attributes even if I use attr_accessible

Question

I'm working on a Rails 3.2.2 application which has JSON APIs and I use a CLI client for inserting some data. It works fine except for the Author model. When I try to create a new post (Post belongs_to :author and Author has_many :posts) I get the following error :

<h1>
  ActiveModel::MassAssignmentSecurity::Error in PostsController#create
</h1>
<pre>Can't mass-assign protected attributes: name</pre>

I did lots of researches on the topic but I found no working solution :-(

I use attr_accessible to avoid MassAssignent errors and it works for all others models but not for the "Author" name attribute.

Here is the Author model :

class Author < ActiveRecord::Base
  attr_accessible :name, :email

  extend FriendlyId
  friendly_id :name, use: :slugged

  # some validations

  has_many :posts
  #authlogic
  acts_as_authentic

  # some stuffs
end

Actually, I have disabled whitelist_attributes and it solved my problem but I suppose that it is not the convenient way to do this (and probably not a good idea).

My questions are : Why the attr_accessible does not work here ? And how can I solve the problem without disabling the whitelist ?

Thank you,

Revan

EDIT :

The method which creates the new post :

def create
  @post = Post.new(params[:post])
  @post.author = current_author
  # respond to etc.
end

current_author finds the author using a given API Key.

Do the other models use `friendly_id`? Is it possible it "undoes" some of what `attr_accessible` does? Haven't checked, and don't know anything about it--just an idea. — Dave Newton, Apr 27 '12 at 17:31
Thank you for your answer. Almost all other models use friendly_id — R3v4n, Apr 27 '12 at 17:35
we need to see the code you are using when you try to create the objects. What syntax are you using? Are you creating the objects through associations or just through the models directly? — cpjolicoeur, Apr 27 '12 at 18:27
you posted more code about how you made a new Post object, but your question is about creating a new Author object, not a Post object — cpjolicoeur, Apr 27 '12 at 19:13
No the question is about creating new Post object because I get this error while I'm creating a new post through the CLI client which sends JSON data to the Post#create method (see error message). — R3v4n, Apr 27 '12 at 19:51

score 1 · Accepted Answer · answered May 01 '12 at 14:52

I found the solution ! :-)

The problem was that I used acts_as_taggable_on_steroids plugin which does not work on Rails 3.2 ...

Since "Author" is the only model which has a :name attribute, I thought that the problem came from Author ... but the problem was in the Tag model (which is in the acts_as_taggable_on_steroid plugin). Indeed, its :name attribute is not "accessible".

So, I use the acts_as_taggable_on gem (https://github.com/mbleigh/acts-as-taggable-on) which correctly works on Rails 3.x

Can't mass-assign protected attributes even if I use attr_accessible

1 Answers1