Strong_parameters不起作用

Question

With Ruby 1.9.3, Rails 3.2.13, Strong_parameters 0.2.1:

I have followed every indication in tutorials and railscasts, but I can not get strong_parameters working. It should be something really simple, but I can not see where is the error.

config/initializers/strong_parameters.rb:

ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)

config/application.rb

config.active_record.whitelist_attributes = false

app/models/product.rb

class Product < ActiveRecord::Base
end

app/controllers/products_controller.rb:

class ExpedientesController < ApplicationController
  ...
  def create
    @product = Product.new(params[:product])
    if @product.save
      redirect_to @product
    else
      render :new
    end
  end
end

This raises the Forbidden Attributes exception, as expected. But when I move to:

 ...
  def create
    @product = Product.new(product_params)
    # and same flow than before
  end
  private
  def product_params
    params.require(:product).permit(:name)
  end

Then, if I go to the form and enter "Name: product 1" and "Color: red" no exception is raised; the new product is saved in the database with no color but with the right name.

What am I doing wrong?

Answer 1

Solved.

By default, the use of not allowed attributes fails silently and the so submitted attributes are filtered out and ignored. In development and test environments the error is logged as well.

To change the default behaviour, for instance in development enviroment: config/environments/development.rb:

# Raises an error on unpermitted attributes assignment
  config.action_controller.action_on_unpermitted_parameters = :raise  # default is :log

To be honest, is very clearly explained in the github repository.