4

So I've gone through the Rails tutorial here:

http://ruby.railstutorial.org/ruby-on-rails-tutorial-book

and am trying to get ActiveAdmin to be able to delete Users. Via the tutorial, my User model has_secure_password and also has a remember_token attribute. Consequently, when I go to my ActiveAdmin Users page and try to edit a User, the fields that are to be filled in are: Username, Email, Password Digest, Remember Token.

When I, for instance, modify the name field and try to submit the edit request, I get an ActiveModel::ForbiddenAttributesError. This happens when I try to create a User as well. I'm thinking this obviously has something to do with my authentication/password setup, but being fairly new to Rails, I'm not sure where to start looking. Any ideas?

EDIT: I tried adding this to my app/admin/user.rb file:

controller do
  def resource_params
    return [] if request.get?
    [ params.require(:active).permit(:name, :email, :password_digest, :remember_token) ]
  end
end

and this error in my stack trace disappears:

Unpermitted parameters: utf8, _method, authenticity_token, commit, id

Now, when I hit update within ActiveAdmin, I no longer get a ForbiddenAttributesError. Instead, the page reloads, but the changes aren't committed, and I get this message in my terminal:

 Started PATCH "/admin/users/59" for ...
 ...
 ...
 (0.1ms)  begin transaction
 User Exists (0.5ms)  SELECT 1 AS one FROM "users" WHERE (LOWER("users"."email") = LOWER('example-58@railstutorial.org') AND "users"."id" != 59) LIMIT 1
 (0.2ms)  rollback transaction

This is my users_controller.rb:

def update
  @active = Active.find(params[:id])
  if @active.update_attributes(active_params)
    flash[:success] = "Profile updated"
    redirect_to @active
  else
    render 'edit'
  end
end

private

  def active_params
    return [] if request.get?
    [ params.require(:active).permit(:name, :email, :password_digest, :remember_token) ]
  end
r123454321

3 Answers

5

I don't know ActiveAdmin specifically, but your error says you're not permitting your id param


Params

You've got your params like this:

params.permit user: [:name, :email, :password_digest, :remember_token ]

I'd start by trying this:

params.require(:user).permit(:name, :email, :password_digest, :remember_token)

ActiveAdmin

How to get ActiveAdmin to work with Strong Parameters?

According to this question, you'll need to look at the official documentation and may be able to try this:

   config.before_filter do
       params.permit!
   end
Richard Peck
  • If you don't want to set your entire admin interface up like this, you can do it in only your one interface by removing the "config." – Jeff Ancel Apr 30 '14 at 05:53
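Added example, not from any answer on this page: a simplified pure-Ruby stand-in for strong parameters (the `MiniParams` class and the request values are constructed for illustration) showing what the `params.permit!` filter above lets through compared with an explicit list like the `permit_params` call further down. With `has_secure_password`, the form should submit `password` and `password_confirmation`; `password_digest` and `remember_token` are server-maintained and are the fields an explicit list keeps out of mass assignment.

```ruby
# Simplified stand-in for Rails strong parameters (NOT ActionController::Parameters):
# it models only require / permit / permit! on a flat attribute hash.
class MiniParams
  def initialize(hash)
    @hash = hash
  end

  # Descend into the nested hash the form submits for one model (KeyError if absent).
  def require(key)
    MiniParams.new(@hash.fetch(key.to_s))
  end

  # Keep only the named attributes; everything else is dropped.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    MiniParams.new(@hash.select { |k, _| allowed.include?(k) })
  end

  # Mark everything as permitted: no filtering happens at all.
  def permit!
    self
  end

  def to_h
    @hash.dup
  end
end

# Constructed request for PATCH /admin/users/59; all values are made up.
REQUEST = {
  "_method" => "patch", "authenticity_token" => "constructed", "commit" => "Update User",
  "id" => "59",
  "user" => {
    "name" => "New Name", "email" => "example-58@railstutorial.org",
    "password" => "constructed-pass", "password_confirmation" => "constructed-pass",
    "password_digest" => "constructed-digest", "remember_token" => "constructed-remember"
  }
}.freeze

# Explicit list: the form may set the password, never the digest or token.
def explicit_whitelist(raw)
  MiniParams.new(raw).require(:user)
            .permit(:name, :email, :password, :password_confirmation).to_h
end

# Blanket permit!: every submitted key reaches the model's mass assignment.
def blanket_permit(raw)
  MiniParams.new(raw).require(:user).permit!.to_h
end
```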
4

This is an existing problem with Active Admin: https://github.com/gregbell/active_admin/issues/2595

Which is a symptom of setting:

config.action_controller.action_on_unpermitted_parameters = :raise

I don't know of a solution as of yet, and as you can see no one has commented on that ticket. The most expedient option would be not to :raise on unpermitted parameters, but to use the default behavior of skipping over them.

seanlinsley
  • So I've tried the fix spelled out by deneuxa here: https://github.com/gregbell/active_admin/issues/2595 but I get the error message `User Exists (0.5ms) SELECT 1 AS one FROM "users" WHERE (LOWER("users"."email") = LOWER('example-59@railstutorial.org') AND "users"."id" != 60) LIMIT 1` The email and id attributes of Users are obviously unique, but why should this error be raised on a PATCH? – r123454321 Dec 23 '13 at 19:24
  • Would you guys just recommend me to switch over from implementing authentication from scratch and just use Devise? – r123454321 Dec 23 '13 at 19:25
  • I can't diagnose your problem without more details. But generally, I'm confused that the `:id` parameter is at the top level; it should be nested inside of `:user` – seanlinsley Dec 23 '13 at 19:52
  • Also note that there's a convenience DSL for setting permitted params: https://github.com/gregbell/active_admin/blob/b24bc14ee9c3d6e2d90a9116ee34470af5f868a3/docs/2-resource-customization.md#setting-up-strong-parameters – seanlinsley Dec 23 '13 at 19:53
  • Just made some edits to the OP -- I no longer get a ForbiddenAttributesError; instead, the transaction is rolled back. Is there any specific further information you might need to be able to diagnose this? Thanks so much. – r123454321 Dec 23 '13 at 20:16
  • The change you made won't work, because the parameters are nested in a hash instead of being at the root level. – seanlinsley Dec 24 '13 at 19:24
  • @RyanYu The User exists issue was solved after I included :password field in the "edit" form. See my answer here for permit params values I used after adding :password to the "edit" form http://stackoverflow.com/a/21290220/73935 – Naren Jan 22 '14 at 17:56
0

User.rb for ActiveAdmin example

In this case, User has_one :account

ActiveAdmin.register User do
  config.batch_actions = false

  # Your params here
  permit_params :first_name, :last_name, :email,
                :born_date, :password, :password_confirmation, :account,
                account_attributes: [:country_id, :university_id, :english_level]

  # stuff

end
Abel