permit_params not working for custom create action

Question

I can't understand why permit_params wont work with custom create action.

For example lets take basic AdminUser resource.

By default all is working fine. We have:

ActiveAdmin.register AdminUser do
  permit_params :email, :password, :password_confirmation

  form do |f|
    f.inputs "Admin Details" do
      f.input :email
      f.input :password
      f.input :password_confirmation
    end
    f.actions
  end
end

But as soon we add custom create for some reasons permit_params wont work anymore.

ActiveAdmin.register AdminUser do
  permit_params :email, :password, :password_confirmation

  form do |f|
    f.inputs "Admin Details" do
      f.input :email
      f.input :password
      f.input :password_confirmation
    end
    f.actions
  end

  controller do
    def create
      AdminUser.create(params[:admin_user])
      do_some_magic_stuff_here
      redirect_to backend_admin_users_path, notice: 'Custom create'
    end
  end
end

I got error "ActiveModel::ForbiddenAttributesError" in line "AdminUser.create(params[:admin_user])"

Tried many possible solutions and only one worked for me, but i really don't like this:

def create
  AdminUser.create(params[:admin_user].permit(:email, :password, :password_confirmation))
  do_some_magic_stuff_here
  redirect_to admin_admin_users_path, notice: 'Custom create'
end

I can't understand why i can't get to work default way as it should work:

def admin_user_params
  params.require(:admin_user).permit(:email, :password, :password_confirmation)
end

Can someone explain me please what is happening here? Any nice way to have custom actions work with permit_params?

Answer 1

permit_params is just part of the AA DSL that defines a method called permitted_params, which in turn is called from the create and update actions. Try this:

permit_params :email, :password, :password_confirmation

controller do
  def create
    @admin_user = AdminUser.create(permitted_params)
    do_some_magic_stuff_here
    redirect_to backend_admin_users_path, notice: "Custom create"
  end
end

permit_params is really just a simpler form of the old, but still valid way of enabling strong parameters:

controller do
  def permitted_params
    params.permit admin_user: [:email, :password, :password_confirmation]
  end
end

Answer 2

Been struggling with the same problem here. The most strange thing is that it works on nitrous.io box but on my production server it doesn't. I've checked and I'm using the same rails 4.2.0 version.

Regards Fak