0

I have the following Devise registration form (with irrelevant markup omitted):

<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { id: "payment-form" }) do |f| %>
  <%= f.fields_for resource.paid_account do |pa| %>
    <%= pa.collection_select :account_plan_id, @account_plans, :id, :name_with_price %>
  <% end %>
<% end %>

This form spits out the following HTML:

<select id="user_paid_account_account_plan_id" name="user[paid_account][account_plan_id]">
  <option value="2">Lite ($10.00/mo)</option>
  <option value="3">Professional ($20.00/mo)</option>
  <option value="4">Plus ($30.00/mo)</option>
</select>

I then have the following code in my ApplicationController:

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(
        :email,
        :password,
        :paid_account => :account_plan_id # <-- THIS IS PROBABLY WRONG
      )
    end
  end
end

When I submit my form I get "PaidAccount(#2163736620) expected, got ActionController::Parameters(#2173083140)".

I've also tried the following which doesn't give an error, but it also doesn't create a record:

  u.permit(
    :email,
    :password,
    :paid_account => []
  )

What am I doing wrong?

Jason Swett
  • 43,526
  • 67
  • 220
  • 351
  • to me also it didn't work the way you're trying, i had to put the sanitization inside the Devise RegistrationController like: `def sign_up_params params.require(:user).permit(:email, :password, :password_confirmation, :current_password, ....) end` – sissy Feb 19 '14 at 18:59

1 Answers1

0

Showing your two models (User and PaidAccount, I believe) would help a great deal. Regardless, assuming User has a one-to-one relationship with PaidAccount, the code should probably look like this:

class User < ActiveRecord::Base
  has_one :paid_account

  accepts_nested_attributes_for :paid_account
end

class PaidAcount < ActiveRecord::Base
  belongs_to :user
end

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(
        :email,
        :password,
        :paid_account_attributes => :account_plan_id
      )
    end
  end
end

Look at your logs to see how the form values are being submitted. The docs of the StrongPameters gem and Active Record's Nested Attributes should also be helpful.

Jason Swett
  • 43,526
  • 67
  • 220
  • 351
Ashitaka
  • 19,028
  • 6
  • 54
  • 69
  • Your answer is right. It turns out part of the problem was that my form was naming the `paid_account` field without the `_attributes` part, which was throwing everything off. – Jason Swett Feb 19 '14 at 20:03