2

I've been following this tutorial to implement threaded comments with the acts_as_commentable_with_threading gem. However, I seem to be running into a mass assignment error that seems to stem from the way the gem sets up the Comment model, which I'm not sure I should modify (for the original intentions of the library).

Error output

Can't mass-assign protected attributes: commentable, body, user_id
app/models/comment.rb:20:in `new'
app/models/comment.rb:20:in `build_from'
app/controllers/posts_controller.rb:21:in `show'

posts_controller.rb

def show
  @post = Post.find(params[:id])
  @comments = @post.comment_threads.order('created_at desc')
  @new_comment = Comment.build_from(@post, current_user.id, "")
end

comments_controller.rb

class CommentsController < ApplicationController
  def create
    @comment_hash = params[:comment]
    @obj = @comment_hash[:commentable_type].constantize.find(@comment_hash[:commentable_id])
    @comment = Comment.build_from(@obj, current_user.id, @comment_hash[:body])
    if @comment.save
      render :partial => "comments/comment", :locals => { :comment => @comment }, :layout => false, :status => :created
    else
      flash.now[:error] = 'Comment was not submitted.'
    end
  end
end

comment.rb

class Comment < ActiveRecord::Base
  acts_as_nested_set :scope => [:commentable_id, :commentable_type]

  validates :body, :presence => true
  validates :user, :presence => true

  # NOTE: install the acts_as_votable plugin if you
  # want user to vote on the quality of comments.
  #acts_as_votable

  belongs_to :commentable, :polymorphic => true

  # NOTE: Comments belong to a user
  belongs_to :user

  # Helper class method that allows you to build a comment
  # by passing a commentable object, a user_id, and comment text
  # example in readme
  def self.build_from(obj, user_id, comment)
    new \
      :commentable => obj,
      :body        => comment,
      :user_id     => user_id
  end

  #helper method to check if a comment has children
  def has_children?
    self.children.any?
  end

  # Helper class method to lookup all comments assigned
  # to all commentable types for a given user.
  scope :find_comments_by_user, lambda { |user|
    where(:user_id => user.id).order('created_at DESC')
  }

  # Helper class method to look up all comments for
  # commentable class name and commentable id.
  scope :find_comments_for_commentable, lambda { |commentable_str, commentable_id|
    where(:commentable_type => commentable_str.to_s, :commentable_id => commentable_id).order('created_at DESC')
  }

  # Helper class method to look up a commentable object
  # given the commentable class name and id
  def self.find_commentable(commentable_str, commentable_id)
    commentable_str.constantize.find(commentable_id)
  end
end
wikichen
  • 2,253
  • 3
  • 18
  • 28

2 Answers2

0

Try to add in Comment model

attr_accessible :commentable, :body, :user_id

UPD: More about mass-assignment protection here

UPD2. But I suggest not to assign user_id via mass-assignment. Better do current_user.comments.build_from in your controller.

Bob
  • 2,081
  • 18
  • 25
  • Would this be advisable? I wouldn't want user_id to be mass assigned, since it should be limited to the current_user, right? (Also, nothing on the gem's docs specified modifying the model in any way for use.) – wikichen Jun 08 '13 at 08:51
0

try modify build_from method like this:

def self.build_from(obj, user_id, comment)
    new do |c|
      c.commentable = obj
      c.body        = comment
      c.user_id     = user_id
    end
end
Stein Wang
  • 1
  • 1