ActiveModel::ForbiddenAttributesError in comments controller

StackOverflow https://stackoverflow.com/questions/21994781

  •  16-10-2022
  •  | 
  •  

Question

I have a comments controller and a products controller. It fails on the create action of the comments controller with a Forbidden Attributes error.

I have removed all the attr_accessible from the models and moved them to the controller. Still something is wrong. I can't figure out what. Please can anyone tell me what I am missing. 

 @comment = @commentable.comments.new(params[:comment]) <--- Fail here

Live Shell o/p from Better Errors :

   >> params[:comment]
   => {"content"=>"thanks"}

   >> @commentable
   => #<Product id: 1, title: "Coffee Mug", description: "<p> This coffee mug blah blah", image_url: "http://coffee.com/en/8/82/The_P...", price: #<BigDecimal:7ff8769a9e00,'0.999E1',18(45)>, tags: nil, created_at: "2014-02-24 14:49:34", updated_at: "2014-02-24 14:49:34">

  >> @commentable.comments
  => #<ActiveRecord::Associations::CollectionProxy []>


  >> @commentable.comments.new(params[:comment])
  !! #<ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError>
  >>

Comment Controller : 

class CommentsController < ApplicationController

 def new
  @comment = @commentable.comments.new
end

def create
 @comment = @commentable.comments.new(params[:comment]) <-- fail here
 if @comment.save
      redirect_to product_path(params[:product_id])
 else
      render :new
 end

end

   def comments_params
       params.require(:comments).permit(:commentable, :product_id, :content)
   end

Product Controller : 

  class ProductsController < ApplicationController

   def show
    @product = Product.find(params[:id])
    @commentable =  @product
    @comments ||= Comment.where(:commentable_id => params[:id])
    @comment = Comment.new
   end

   def product_params
       params.require(:product).permit(:title, :description, :image_url, :price, :tags, comments_attributes: [:product_id, :content])
   end

Models : product.rb 

   class Product < ActiveRecord::Base

       has_many :comments, as: :commentable 
       accepts_nested_attributes_for :comments
   end

comment.rb

   class Comment < ActiveRecord::Base

       belongs_to :commentable, polymorphic: true

   end
Was it helpful?

Solution

I am guessing that you are using Rails4 as you have implemented comments_params method. In Rails 4, strong parameters is used to move mass-assignment protection out of the model and into the controller. You have implemented the method comments_params but are not using it.

Replace 

@comment = @commentable.comments.new(params[:comment])

with 

@comment = @commentable.comments.new(comments_params)

Also, update comments_params as follows

  def comments_params
       params.require(:comment).permit(:commentable, :product_id, :content)
   end

NOTE: require singular :comment and not plural :comments

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top