42

Update: this question was asked before there was a solution for it already in ActiveAdmin. As Joseph states, the ActiveAdmin documentation now contains this information, but the answers here are provided for those working with older versions of ActiveAdmin.

When the strong_parameters 0.1.4 is used with ActiveAdmin 0.5.0 in Rails 3.2.8, if the model you are using is using StrongParameters by including:

include ::ActiveModel::ForbiddenAttributesProtection

then you get the following error in the log if you try to create/edit a record:

ActiveModel::ForbiddenAttributes (ActiveModel::ForbiddenAttributes)
Gary S. Weaver
  • 7,966
  • 4
  • 37
  • 61

6 Answers6

60

Update to the latest inherited_resources gem and do this in your controller block:

ActiveAdmin.register Blog do
  #...
  controller do
    #...
    def permitted_params
      params.permit(:blog => [:name, :description])
      # params.permit! # allow all parameters
    end
  end
end
Jake Berger
  • 5,237
  • 1
  • 28
  • 22
Brendon Muir
  • 4,540
  • 2
  • 33
  • 55
31

The documentation now clearly states how to go about Setting up Strong Parameters in Rails 4. See:

https://github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters

Gary S. Weaver
  • 7,966
  • 4
  • 37
  • 61
Joseph N.
  • 2,437
  • 1
  • 25
  • 31
19

The accepted answer did not work for me with resources defined in an engine, so I tracked down the original resource_params in inherited_resources/lib/inherited_resources/base_helpers.rb and came up with this solution which closer mimics that code, and which works with engines:

In config/initializers/active_admin.rb:

ActiveAdmin::ResourceController.class_eval do
  # Allow ActiveAdmin admins to freely mass-assign when using strong_parameters
  def resource_params
    [(params[resource_request_name] || params[resource_instance_name]).try(:permit!) || {}]
  end
end
Nick Urban
  • 3,568
  • 2
  • 22
  • 36
19

in your config/initializers/active_admin.rb

config.before_filter do
  params.permit!
end
Manish Kasera
  • 476
  • 4
  • 5
  • 2
    Like my first solution above, it's worth noting that this is not as secure. I'd recommend Brendon Muir's solution above to explicitly permit params in the controller block, which is mentioned a few times in the related ActiveAdmin thread for Rails 4 [here](https://github.com/gregbell/active_admin/issues/1963). It is more work, though, so weigh risks vs. benefits. – Gary S. Weaver Aug 08 '13 at 17:55
6

Update: See @Brendon-Muir's answer for latest way to do this. The following information was correct previously, so I'll leave it here in case it helps others with an older version of ActiveAdmin.

A patch had been proposed in a google group thread: https://groups.google.com/forum/?fromgroups=#!topic/activeadmin/XD3W9QNbB8I

Then was being put together here: https://github.com/gregbell/active_admin/issues/1731

But for now, the least invasive way to add strong parameters support to ActiveAdmin in your app is to redefine resource_params in your controller block, either via the "permit all params" method, which is less secure:

controller do
  def resource_params
    return [] if request.get?
    [ params[active_admin_config.resource_class.name.underscore.to_sym].permit! ]
  end
end

or the more secure explicit way:

controller do
  def resource_params
    return [] if request.get?
    [ params.require(:name_of_model).permit(:each,:param,:goes,:here,:if,:you,:want) ]
  end
end

See Active Admin docs on modifying controllers:
http://activeadmin.info/docs/8-custom-actions.html#modify_the_controller

Gary S. Weaver
  • 7,966
  • 4
  • 37
  • 61
3

You can also use permit_params as follows:

ActiveAdmin.register Resource do

  permit_params do
    %i(first_name last_name)
  end

  index pagination_total: false do
    column :id
    column :first_name
    column :last_name
    actions
  end
end
Davidslv
  • 634
  • 1
  • 7
  • 18