Undefined Method attr_accessible

Question

I am somewhat new to rails and I am trying to create a User login. I went through the tutorial found here. At the end it had me add "attr_accessible" for mass assignment. However when I did that I got the following error:

undefined method `attr_accessible' for #<Class:0x007ff70f276010>

I saw on this post that I neeed < ActiveRecord::Base. But I do have that included. Here is the code for my User Model:

class User < ActiveRecord::Base

  attr_accessor :password
  EMAIL_REGEX = /\A[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\z/i
  validates :username, :presence => true, :uniqueness => true, :length => { :in => 3..20 }
  validates :email, :presence => true, :uniqueness => true, :format => EMAIL_REGEX
  validates :password, :confirmation => true #password_confirmation attr
  validates_length_of :password, :in => 6..20, :on => :create
  before_save :encrypt_password
  after_save :clear_password
  attr_accessible :username, :email, :password, :password_confirmation

  def encrypt_password
    if password.present?
      self.salt = BCrypt::Engine.generate_salt
      self.encrypted_password= BCrypt::Engine.hash_secret(password, salt)
    end
  end

  def clear_password
    self.password = nil
  end

end

Any other ideas on what could be causing this problem would be really appreciated, thanks!

Edit: On Rails 4.1. Looks like it doesn't apply anymore. Thanks fotanus

[read here](http://stackoverflow.com/questions/17371334/how-is-attr-accessible-used-in-rails-4). Fix your question with the correct rails version you are using, since it is important for this question. — fotanus, May 02 '14 at 22:25

Wally Ali · Accepted Answer · 2014-05-02T23:08:15.187

90

No mass assignment allowed for Rails 4.1

instead of having attr_accessible :username, :email, :password, :password_confirmation in your model, use strong parameters. You'll do this in your UsersController:

    def user_params
      params.require(:user).permit(:username, :email, :password, :password_confirmation)
    end

then call the user_params method in your controller actions.

edited May 02 '14 at 23:08

answered May 02 '14 at 22:39

Wally Ali

2,500
1
13
20

score 18 · Answer 2 · answered May 02 '14 at 23:38

No mass assignment allowed for Rails 4.1

You will have to try something like this.

class Person
  has_many :pets
  accepts_nested_attributes_for :pets
end

class PeopleController < ActionController::Base
  def create
    Person.create(person_params)
  end

  ...

  private

    def person_params
      # It's mandatory to specify the nested attributes that should be whitelisted.
      # If you use `permit` with just the key that points to the nested attributes hash,
      # it will return an empty hash.
      params.require(:person).permit(:name, :age, pets_attributes: [ :name, :category ])
    end
end

Refer

https://github.com/rails/strong_parameters

score 8 · Answer 3 · edited Aug 30 '22 at 18:22

8

Make sure you are installed gem protected_attributes (or protected_attributes_continued in case Rails 5+) that this gem is present in your gemfile and run bundle install terminal. Then restart your server.

edited Aug 30 '22 at 18:22

Paul Simpson

2,504
16
28

answered Aug 26 '15 at 06:45

Sỹ Phạm

530
6
16

1

There is a new gem for the new rails versions: - protected_attributes_continued – workdreamer Jan 21 '22 at 22:54

Undefined Method attr_accessible

3 Answers3

Linked