ActiveModel::MassAssignmentSecurity::Error even when using accepts_nested_attributes_for

Question

My complete error message is:

ActiveModel::MassAssignmentSecurity::Error in WorkoutsController#create Can't mass-assign protected attributes: workout_entry

The params that I am sending looks like:

{"workout"=>{"unit"=>"kg", "name"=>"2013-02-20T21:26:19", "note"=>nil, "workout_entry"=> [{"workout_entry_number"=>"1", "exercise_id"=>2, "entry_detail"=>[{"set_number"=>"1", "weight"=>"32", "reps"=>"43"}]}]}}

I have a workout that has many workout entries and each workout entries can have many entry details. The note is optional.

workout.rb

class Workout < ActiveRecord::Base
    has_many :workout_entries, dependent: :destroy

    attr_accessible :id, :name, :note, :unit, :workout_entries_attributes
    belongs_to :user
    accepts_nested_attributes_for :workout_entries

    validates_presence_of :name
    validates_presence_of :unit, :inclusion => %w(kg lb)
    validates_associated :workout_entries

    default_scope order("created_at DESC")

end

workout_entry.rb

class WorkoutEntry < ActiveRecord::Base

    belongs_to :workout
    belongs_to :exercise
    has_many :entry_details, dependent: :destroy

    attr_accessible :workout_id, :exercise_id, :workout_entry_number, :entry_details_attributes
    accepts_nested_attributes_for :entry_details

    validates :exercise_id, presence: true, numericality: {only_integer: true}, :inclusion => { :in => 1..790 }
    validates :workout_id, presence: true, numericality: {only_integer: true, greater_than_or_equal_to: 1}
    validates :workout_entry_number, presence: true, numericality: {only_integer: true, greater_than_or_equal_to: 1}

end

workouts_controller.rb

class WorkoutsController < ApplicationController
    respond_to :json
    before_filter :authenticate_user!

    def index
        respond_with(current_user.workouts)
    end

    def show
        respond_with(current_user.workouts.find(params[:id]))
    end

    def create
        respond_with(current_user.workouts.create(params[:workout]))
    end

    def update
        @workout = current_user.workouts.find(params[:id])
        if @workout.update_attributes(params[:workout])
          render json: @workout, status: :ok
        else
          render json: @workout.errors, status: :unprocessable_entity
        end
    end

    def destroy
        respond_with(current_user.workouts.destroy(params[:id]))
    end

end

I tried switching the ordering of attr_accessible and accepts_nested_attributes_for within the workout.rb, but it does not work.

I even tried to set

config.active_record.whitelist_attributes = true

but creating was still prevented.

Answer 1

accepts_nested_attributes_for does not add any attributes to the whitelist. Whatever keys your trying to pass to update_attributes have to be listed in attr_accessible, in your case you need to add workout_entry to attr_accessible .

It does look like you have an error in the form, if your using fields_for then it should be using the key workout_entries_attributes , which you have accessible.

Answer 2

尝试在锻炼模型中可访问的attr中添加execution_entry_ids。

Answer 3

I decided to not use accepts_nested_attributes_for in the workout and workout_entry models because it wasn't working for me. I also updated the format of my json that is sent. Details are in the link below

link