1

When I do lesson6 of Rails Tutorial (by Michael Hartl),there is a problem:1 error prohibited this user from being saved:Password can't be blank.

gem 'bcrypt-ruby'

This is my User model

   class User < ActiveRecord::Base
  has_many :microposts
  attr_accessor  :name ,:email
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  validates :name,  presence: true, length: { maximum: 50 }
  validates :email, presence: true , format: { with: VALID_EMAIL_REGEX }
  before_save { self.email = email.downcase }
  has_secure_password
end

I've created user and now appears

 Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"4TpdKJZ3BeSxpH4pWUK4L1LwzBvJmBo/4MHnYlGQsmQ=", "user"=>{"name"=>"tom", "email"=>"tom@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create User"}

Unpermitted parameters: password, password_confirmation

The User Controller

  class UsersController < ApplicationController
      before_action :set_user, only: [:show, :edit, :update, :destroy]

      # GET /users
      # GET /users.json
      def index
        @users = User.all
      end

      # GET /users/1
      # GET /users/1.json
      def show
      end

      # GET /users/new
      def new
        @user = User.new
      end

      # GET /users/1/edit
      def edit
      end

      # POST /users
      # POST /users.json
      def create
        @user = User.new(user_params)

        respond_to do |format|
          if @user.save
            format.html { redirect_to @user, notice: 'User was successfully created.' }
            format.json { render action: 'show', status: :created, location: @user }
          else
            format.html { render action: 'new' }
            format.json { render json: @user.errors, status: :unprocessable_entity }
          end
        end
      end

      # PATCH/PUT /users/1
      # PATCH/PUT /users/1.json
      def update
        respond_to do |format|
          if @user.update(user_params)
            format.html { redirect_to @user, notice: 'User was successfully updated.' }
            format.json { head :no_content }
          else
            format.html { render action: 'edit' }
            format.json { render json: @user.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /users/1
      # DELETE /users/1.json
      def destroy
        @user.destroy
        respond_to do |format|
          format.html { redirect_to users_url }
          format.json { head :no_content }
        end
      end

      private
        # Use callbacks to share common setup or constraints between actions.
        def set_user
          @user = User.find(params[:id])
        end

        # Never trust parameters from the scary internet, only allow the white list through.
        def user_params
          params.require(:user).permit(:name, :email)
        end
    end

How to solve this problem "Unpermitted parameters"? thanks

michael
  • 127
  • 2
  • 6

1 Answers1

3

You need add unpermitted params to

def user_params
  params.require(:user).permit(:name, :email, :password, :password_confirmation)
end

PS I think you should read about strong_parameters

gotva
  • 5,919
  • 2
  • 25
  • 35
  • Thanks very much ,I find it in http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html right now. – michael Nov 10 '13 at 10:42