How to get ActiveAdmin to work with Strong Parameters?

Question

Update: this question was asked before there was a solution for it already in ActiveAdmin. As Joseph states, the ActiveAdmin documentation now contains this information, but the answers here are provided for those working with older versions of ActiveAdmin.

When the strong_parameters 0.1.4 is used with ActiveAdmin 0.5.0 in Rails 3.2.8, if the model you are using is using StrongParameters by including:

include ::ActiveModel::ForbiddenAttributesProtection

then you get the following error in the log if you try to create/edit a record:

ActiveModel::ForbiddenAttributes (ActiveModel::ForbiddenAttributes)

Answer 1

The documentation now clearly states how to go about Setting up Strong Parameters in Rails 4. See:

https://github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters

Answer 2

Update to the latest inherited_resources gem and do this in your controller block:

ActiveAdmin.register Blog do
  #...
  controller do
    #...
    def permitted_params
      params.permit(:blog => [:name, :description])
      # params.permit! # allow all parameters
    end
  end
end

Answer 3

The accepted answer did not work for me with resources defined in an engine, so I tracked down the original resource_params in inherited_resources/lib/inherited_resources/base_helpers.rb and came up with this solution which closer mimics that code, and which works with engines:

In config/initializers/active_admin.rb:

ActiveAdmin::ResourceController.class_eval do
  # Allow ActiveAdmin admins to freely mass-assign when using strong_parameters
  def resource_params
    [(params[resource_request_name] || params[resource_instance_name]).try(:permit!) || {}]
  end
end

Answer 4

in your config/initializers/active_admin.rb

config.before_filter do
  params.permit!
end

Answer 5

Update: See @Brendon-Muir's answer for latest way to do this. The following information was correct previously, so I'll leave it here in case it helps others with an older version of ActiveAdmin.

A patch had been proposed in a google group thread: https://groups.google.com/forum/?fromgroups=#!topic/activeadmin/XD3W9QNbB8I

Then was being put together here: https://github.com/gregbell/active_admin/issues/1731

But for now, the least invasive way to add strong parameters support to ActiveAdmin in your app is to redefine resource_params in your controller block, either via the "permit all params" method, which is less secure:

controller do
  def resource_params
    return [] if request.get?
    [ params[active_admin_config.resource_class.name.underscore.to_sym].permit! ]
  end
end

or the more secure explicit way:

controller do
  def resource_params
    return [] if request.get?
    [ params.require(:name_of_model).permit(:each,:param,:goes,:here,:if,:you,:want) ]
  end
end

See Active Admin docs on modifying controllers:
http://activeadmin.info/docs/8-custom-actions.html#modify_the_controller

Answer 6

You can also use permit_params as follows:

ActiveAdmin.register Resource do

  permit_params do
    %i(first_name last_name)
  end

  index pagination_total: false do
    column :id
    column :first_name
    column :last_name
    actions
  end
end