ActiveModel::ForbiddenAttributesError why Rails ignore Strong_params? - ruby-on-rails

class PostsController < ApplicationController
def new
end
def create
#post = Post.new(params[:post])
#post.save
redirect_to #post
end
private
def post_params
params.require(:post).permit(:title, :text)
end
def show
#post = Post.find(params[:id])
end
def index
#posts=Post.all
end
end

You'll need to improve your code (you've set your index and show methods as private!):
class PostsController < ApplicationController
def new
#post = Post.new
end
def create
#post = Post.new(post_params)
#post.save
redirect_to #post
end
def show
#post = Post.find(params[:id])
end
def index
#posts=Post.all
end
private
def post_params
params.require(:post).permit(:title, :text)
end
end
As per the strong params documenation, you need to call the private method with your strong params inside in order to pass them

Because you're not using it.
Replace params[:post] with your method post_params.

Make post_params method as private method but not other method
private
def post_params
params.require(:post).permit(:title, :text)
end
Call it where you want to use like this.
def create
#post = Post.new(post_params)
#post.save
redirect_to #post
end

Related

update_attributes the data in ruby on rails

I am working on ruby on rails , I am trying to update my data
def update
#post = Post.find(params[:id])
if #post.update_attributes(params[:post])
redirect_to post_path,:notice =>"post has been updated"
else
render "edit"
end
end
it's not updating and the error coming is :-
ActiveModel::ForbiddenAttributesError in PostsController#update
Help me !
You cannot just update values based on params[:post], you will have to whitelist them using strong params.
Basically white post params like this in the controller
def post_params
params.require(:post).permit(:title, :description)
end
And then in the controller
def update
#post = Post.find(params[:id])
if #post.update_attributes(post_params)
redirect_to post_path,:notice =>"post has been updated"
else
render "edit"
end
end
private
def post_params
params.require(:post).permit(:title, :description)
end

ActiveModel::ForbiddenAttributesError while creating a new entry

I am new to Ruby on Rails and I was trying to create a simple app when I ended up having a ActiveModel::ForbiddenAttributesError
class PostsController < ApplicationController
def index
#posts = Post.all
end
def show
#post = Post.find(params[:id])
end
def new
#post =Post.new
end
def create
#post = Post.new(params[:post])
if #post.save
redirect_to post_path,:notice=>"success"
else
render "new"
end
end
def edit
end
def update
end
def destroy
end
private
def post_params
params.require(:post).permit(:Title, :content)
end
end
I have seen a similar error here but the solution for that did not fix my issue.
My version of rails is 4.2.0.
The error displayed is
You can't use that params[:post] hash (or any params[*] hash) directly in any mass-assignment method, you need to use a permit call so Rails knows you've checked it and to allow it.
So, change your Post.new to #post = Post.new(post_params)
Change #post = Post.new(params[:post]) to #post = Post.new(post_params).
I think that
def create
#post = Post.new post_params
if #post.save
flash[:success] = "Created new post"
redirect_to #post
else
render 'new'
end
end
def create
#post = Post.new(posts_params)
if #post.save
redirect_to post_path,:notice=>"success"
else
render "new"
end
end
private
def posts_params
params.require(:post).permit(:Title, :content)
end

Ruby syntax error - unexpected end-of-input, expecting keyword_end

I have this error in Rails 4.1.4, but I can't see where should be the problem:
syntax error, unexpected end-of-input, expecting keyword_end
class PostsController < ApplicationController
def index
#posts = Post.all
end
def show
#post = Post.find(params[:id])
end
def new
#post = Post.new
end
def create
#post= Post.new(post_params)
if #post.save
redirect_to posts_path
else
render "new"
end
end
def edit
end
def update
end
def destroy
end
private
def post_params
params.require(:post).permit(:title, :content)
end
end
Try adding this in new method
Post.new(params[:post].permit(:title, :content)
and remove that private method
The Problem i see with is with where you declared the private method, you did not indent the post_params method properly and the private method has no "end"
Do this instead..
private
def post_params
params.require(:post).permit(:title, :content)
end
end

Why does app go to the create.html.erb view after post submission instead of show.html.erb view? rails 4

Right now in my rails 4 app after the user submits a post I want the app to redirect/render the show view, but right now it just goes to the create view. Here is my Posts controller:
class PostsController < ApplicationController
def show
#post = Post.find(params[:id]) # show
end
end
def new
#post = Post.new
end
def create
#post = Post.new(post_params)
private
def post_params
params.require(:post).permit(:Title, :Body) #whatsoever your post has
end
#redirect_to post_path(#post)
if #post.save
redirect_to #post.find(params[:id])
else
render :new
end
end
Here are my routes:
Rails.application.routes.draw do
root :to => "pages#index"
devise_for :users
resources :users
resources :pages
resources :posts
end
Thanks for your help.
Looks like there's a few bits of code in wrong places - end statements, and your final if statement at the bottom, which doesn't seem to be in any method.
Something like this should work:
class PostsController < ApplicationController
def show
#post = Post.find(params[:id]) # show
end
def new
#post = Post.new
end
def create
#post = Post.new(post_params)
if #post.save
redirect_to #post.find(params[:id])
else
render :new
end
end
private
def post_params
params.require(:post).permit(:title, :body) #whatsoever your post has
end
end
First, the redirect is wrong. It should be simply:
redirect_to #post
After fixing that, it could be re-rendering because there was an error validating the #post. If #post.save fails the form will be re-rendered, but the URL will stay pointed at the create action.

Ruby on rails 4 attr_accessible

I am trying to access the database and enter some info. it gives me an error saying "undefined local variable or method `post_params' for #< PostsController:0x00000005aad728>"
i know this has been answered here.
but i tried following what they did, and it just does not work, can someone help me with this?
class PostsController < ApplicationController
def index
#post = Post.all
end
def show
#post = Post.find(params[:id])
end
def new
#post = Post.new
end
def create
#post = Post.new(post_params)
if #post.save
redirect_to posts_path, :notice => "Your post was saved"
else
render ="new"
end
private
def post_params
params.require(:post).permit(:title, :content)
end
end
end
Your end for create method is enclosing the private keyword and post_params method. Update it as:
def create
#post = Post.new(post_params)
if #post.save
redirect_to posts_path, :notice => "Your post was saved"
else
render ="new"
end
end # Add end here
private
def post_params
params.require(:post).permit(:title, :content)
end
end # Remove this end
You define your post_params method inside of create method. Move it outside of it and all will be working.

Resources