ActiveAdmin ForbiddenAttributesError

Question

i am a brand new for Ruby on Rails. I am using a ActiveAdmin and i have a problem with creating a AdminUser

ActiveModel::ForbiddenAttributesError in Admin::AdminUsersController#create ActiveModel::ForbiddenAttributesError

Request

Parameters:

• {"utf8"=>"✓",

• "authenticity_token"=>"nvV++6GNTdA/nDzw1iJ6Ii84pZPcv2mzg0PK2Cg9Ag0=",

• "admin_user"=>{"email"=>"admin2@example.com"},

• "commit"=>"Create Admin user"}*

---

Rails 4.1.0

activeadmin 1.0.0

ruby 2.1

---

app/admin/admin_user.rb

ActiveAdmin.register AdminUser do
    index do
      column :email
      column :current_sign_in_at
      column :last_sign_in_at
      column :sign_in_count
      default_actions
    end

    form do |f|
        f.inputs "Admin Details" do
            f.input :email
        end
        f.actions
    end
end

app/models/admin_user.rb

class AdminUser < ActiveRecord::Base
    # Include default devise modules. Others available are:
    # :confirmable, :lockable, :timeoutable and :omniauthable
    devise :database_authenticatable, 
           :recoverable, :rememberable, :trackable, :validatable

    after_create { |admin| admin.send_reset_password_instructions }

    def password_required?
        new_record? ? false : super
    end
end

Gemfile

source 'https://rubygems.org'

gem 'rails', '4.1.0'                                                
gem 'sqlite3'                                                       
gem 'sass-rails', '~> 4.0.3'                                        
gem 'uglifier', '>= 1.3.0'                                          
gem 'coffee-rails', '~> 4.0.0'                                      
gem 'jquery-rails'                                                  
gem 'turbolinks'                                                    
gem 'jbuilder', '~> 2.0'                                            
gem 'activeadmin',      github: 'gregbell/active_admin' 
gem 'polyamorous',      github: 'activerecord-hackery/polyamorous'
gem 'ransack',          github: 'activerecord-hackery/ransack'      
gem 'formtastic',       github: 'justinfrench/formtastic'           
gem 'devise'

gem 'sdoc', '~> 0.4.0', group: :doc 

config/environments/development.rb

Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false

  # Do not eager load code on boot.
  config.eager_load = false

  # Show full error reports and disable caching.
  config.consider_all_requests_local       = true
  config.action_controller.perform_caching = false

  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false

  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log

  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load

  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true

  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
  config.assets.raise_runtime_errors = true

  # Raises error for missing translations
  # config.action_view.raise_on_missing_translations = true

  # Sending emails works
  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
end

Answer 1

Rails 4 uses strong parameters, which moves attribute whitelisting from the model to the controller. It is necessary to specify the attributes that you would like to be saved in the database. You have not permitted the attributes in your code, which is why you are receiving the ActiveModel::ForbiddenAttributesError.

Refer to the documentation of ActiveAdmin : Setting up Strong Parameters

You can setup strong parameters in the following way, using permit_params method which creates a method called permitted_params, use this method when overriding create or update actions:

ActiveAdmin.register AdminUser do
  ## ... 
  permit_params :attr1, :attr2 ## Add this line
end

Replace :attr1, :attr2, etc with the actual attribute names that you want to whitelist. For example: :email

Answer 2

What you're seeing is a security feature of newer versions of Rails. You will have to create a whitelist for the attributes which can be updated by the params as entered by the user. Otherwise, you will have to set each value manually.

Here's a sample of whitelisting certain params:

ActiveAdmin.register Post do
  permit_params :title, :content, :publisher_id
end

See the ActiveAdmin docs on the subject: https://github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters