Can't mass-assign protected attributes

Rails
1

Hi there!
I started learning Rails using the guides.rubyonrails.org/*
documentation, and I have started a simple project with only two model
classes so start with. However, I’ve came across some errors, and with
some trial I got it working. I have a final question about the error
“Can’t mass-assign protected attributes”, but first some version
numbers and what I did:

% rails --version
Rails 3.2.3
% rails new testapp
% cd testapp
% rails g scaffold project name:string file:binary
% rails g scaffold auction name:string begin:datetime
project:references
% rake db:migrate

== CreateProjects: migrating

– create_table(:projects)
→ 0.0014s
== CreateProjects: migrated (0.0015s)

== CreateAuctions: migrating

– create_table(:auctions)
→ 0.0010s
– add_index(:auctions, :project_id)
→ 0.0004s
== CreateAuctions: migrated (0.0015s)

% rails c
Loading development environment (Rails 3.2.3)
irb(main):002:0> p = Project.new(name: “test”, file:“fff”)
=> #<Project id: nil, name: “test”, file: “fff”, created_at: nil,
updated_at: nil>
irb(main):003:0> p.save()
=> true

irb(main):010:0> Auction.new(:name => “tzap”, :begin =>
nil, :project_id => 1)
ActiveModel::MassAssignmentSecurity::Error: Can’t mass-assign
protected attributes: project_id
from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/
activemodel-3.2.3/lib/active_model/mass_assignment_security/
sanitizer.rb:48:in process_removed_attributes' from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/ activemodel-3.2.3/lib/active_model/mass_assignment_security/ sanitizer.rb:20:in debug_protected_attribute_removal’
from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/
activemodel-3.2.3/lib/active_model/mass_assignment_security/
sanitizer.rb:12:in sanitize' from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/ activemodel-3.2.3/lib/active_model/mass_assignment_security.rb:230:in sanitize_for_mass_assignment’
from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/
activerecord-3.2.3/lib/active_record/attribute_assignment.rb:75:in
assign_attributes' from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/ activerecord-3.2.3/lib/active_record/base.rb:498:in initialize’
from (irb):10:in new' from (irb):10 from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/ railties-3.2.3/lib/rails/commands/console.rb:47:in start’
from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/
railties-3.2.3/lib/rails/commands/console.rb:8:in start' from /usr/local/Cellar/ruby/1.9.3-p194/lib/ruby/gems/1.9.1/gems/ railties-3.2.3/lib/rails/commands.rb:41:in <top (required)>’
from script/rails:6:in require' from script/rails:6:in

==> So I added :project_id to the model:

% cat app/models/auction.rb
class Auction < ActiveRecord::Base
belongs_to :project
attr_accessible :begin, :name, :project_id
^^^^^^^^^
end

And this time is working from the console:

% rails c
Loading development environment (Rails 3.2.3)
irb(main):001:0> Project.all
Project Load (0.1ms) SELECT “projects”.* FROM “projects”
=> [#<Project id: 1, name: “test”, file: “fff”, created_at:
“2012-05-05 13:05:44”, updated_at: “2012-05-05 13:05:44”>]
irb(main):008:0> a = Auction.new(:name => “foo”, :begin =>
nil, :project_id => 1)
=> #<Auction id: nil, name: “foo”, begin: nil, project_id: 1,
created_at: nil, updated_at: nil>
irb(main):009:0> a.save()
=> true

% rails s

1 => trying to add an auction using the front end:
http://dl.dropbox.com/u/8724298/Screen%20Shot%202012-05-05%20at%203.44.19%20PM.png
2 => I receive another error:
ActiveModel::MassAssignmentSecurity::Error in
AuctionsController#create

Can’t mass-assign protected attributes: project
Rails.root: /private/tmp/testapp

Application Trace | Framework Trace | Full Trace
app/controllers/auctions_controller.rb:43:in new' app/controllers/auctions_controller.rb:43:in create’
Request

Parameters:

{“utf8”=>“✓”,
“authenticity_token”=>“0gcU4dbRGsgmiXGEcMKO1o1Oec6GoGQ4OziwNbRyfoc=”,
“auction”=>{“name”=>“FFF”,
“begin(1i)”=>“2012”,
“begin(2i)”=>“5”,
“begin(3i)”=>“5”,
“begin(4i)”=>“13”,
“begin(5i)”=>“44”,
“project”=>“1”},
“commit”=>“Create Auction”}

[
http://dl.dropbox.com/u/8724298/Screen%20Shot%202012-05-05%20at%203.44.19%20PM.png
]

Where am I wrong?

Thank you!

2

On May 5, 3:02 pm, overlap [email protected] wrote:

=> #<Auction id: nil, name: “foo”, begin: nil, project_id: 1,

Can’t mass-assign protected attributes: project
Rails.root: /private/tmp/testapp

Well you skipped over the code that raises the error, but I’m guessing
you load the project from the database and do something like

Auction.new(:project => p)

If so then you need to add :project to your attr_accessible list. The
prefix attr_ sort of implies that everything on the list has to be an
attribute, but that’s not so. Any key that you want to be allowed when
calling new,create etc. should be on the list (and before you add it
to the list, take a minute to think about the consequences of the user
being able to set arbitrary value)

Fred