I'm a long time lurker who's google-fu is failing him today. I've been learning to use Rails using a video series that was created before Rails 4 came out. As such, the lectures use the attr_accessibly mass assignments. I've been attempting to convert this to working strong parameters, but am having an issue actually saving info to my PostgreSQL database.
Basically, I should go to localhost:3000/new, add a title, body, and category, then submit. This goes off without a hitch, but my /posts (which lists all posts) shows the title as /posts/(whatever row number it's on), does not display the text, and only shows a date-time stamp when clicking on the post (url). Also, my database is only storing a post/row number.
Note: I am aware of things like ActiveAdmin, but would prefer to learn how to make/save posts manually before using such modules.
Here is the post controller:
class PostsController < ApplicationController
def index
@posts = Post.all
end
def show
@post = Post.find(params[:id])
end
def new
@post = Post.new
@category = Category.all
end
def create
@post = Post.create(post_params)
if @post.save
redirect_to posts_path, :notice => "Your post has been saved"
else
render "new"
end
end
def edit
end
def update
end
def destroy
end
private
def post_params
params.require(:post).permit(:title, :body, :category_id, :author_id)
end
end
Here is the html form:
<h1>Add New Post</h1>
<%= form_for @post do |f| %>
<p>
<%= f.label :title %><br />
<%= f.text_field :title %><br />
</p>
<p>
<%= f.label :body %><br />
<%= f.text_area :body %><br />
</p>
<p>
<%= f.select :category_id, Category.all.collect {|x| [x.name, x.id]}, {:include_blank=> "Select One"}%><br />
</p>
<p>
<%= f.submit "Add Post" %>
</p>
<% end %>
And finally, the posts.rb file:
class Post < ActiveRecord::Base
# Deprecated
# attr_accessible :title, :body, :category_id, :author_id
belongs_to :category
accepts_nested_attributes_for :category
end
I am no Ruby expert, so my first thought is that the .save method requires additional arguments when using strong_parameters. Adding (post_params) to the save method didn't seem to have an effect, and I haven't been able to determine my issue using the Ruby documentation. I'd prefer to do this the "right" way, as opposed to just using the protected_attributes gem to use a deprecated (seemingly less secure) method.
Thanks in advance for any assistance you may be able to offer. When I get rich, I'll buy you a Ferrari*.
*May or may not be a Hot Wheels replica.
Eidt 2: Here is what the server throws out when attempting to POST to my database. It mentions a mass assignment error, but I thought I wasn't using them (strong params instead). Pardon my newbiness:
Started POST "/posts" for 127.0.0.1 at 2015-03-11 18:28:13 -0700
Processing by PostsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"9Ybchogw5u+sYbZOFYZtbJbXBkWC5EuCIZNUmAKyAQI=", "post"=> {"title"=>"blahblahblah", "body"=>"blahblahblah", "category_id"=>"1"}, "commit"=>"Add Post"}
WARNING: Can't mass-assign protected attributes for Post: title, body, category_id
app/controllers/posts_controller.rb:18:in `create'
[1m[36m (0.0ms)[0m [1mBEGIN[0m
[1m[35mSQL (1.0ms)[0m INSERT INTO "posts" ("created_at", "updated_at") VALUES ($1, $2) RETURNING "id" [["created_at", "2015-03-12 01:28:13.990971"], ["updated_at", "2015-03-12 01:28:13.990971"]]
[1m[36m (2.0ms)[0m [1mCOMMIT[0m
[1m[35m (0.0ms)[0m BEGIN
[1m[36m (0.0ms)[0m [1mCOMMIT[0m
Redirected to http://localhost:3000/posts
Completed 302 Found in 10ms (ActiveRecord: 3.0ms)
And the index view. This is a training exercise, so it's just text, no styling:
<h1>Blog Posts</h1>
<% @posts.each do |post| %>
<h3><%= link_to post.title, post %></h3>
<p><%= post.body %></p>
<% end %>
