Strong_parameters not working
With Ruby 1.9.3, Rails 3.2.13, Strong_parameters 0.2.1:
I have followed every indication in tutorials and railscasts, but I can not get strong_parameters working. It should be something really simple, but I can not see where is the error.
config.active_record.whitelist_attributes = false
class Product < ActiveRecord::Base end
class ExpedientesController < ApplicationController ... def create @product = Product.new(params[:product]) if @product.save redirect_to @product else render :new end end end
This raises the Forbidden Attributes exception, as expected. But when I move to:
... def create @product = Product.new(product_params) # and same flow than before end private def product_params params.require(:product).permit(:name) end
Then, if I go to the form and enter "Name: product 1" and "Color: red" no exception is raised; the new product is saved in the database with no color but with the right name.
What am I doing wrong?
By default, the use of not allowed attributes fails silently and the so submitted attributes are filtered out and ignored. In development and test environments the error is logged as well.
To change the default behaviour, for instance in development enviroment: config/environments/development.rb:
# Raises an error on unpermitted attributes assignment config.action_controller.action_on_unpermitted_parameters = :raise # default is :log
To be honest, is very clearly explained in the github repository.