if using strong parameters, do I still need attr_accessible for nested_attributes

Question

I'm updating a Rails 3.2 app to strong parameters (first day with it so still grokkin). I'm getting the following error for User that has_one :profile.

The user class (in simplified form) looks like this:

class User < ActiveRecord::Base
  include ActiveModel::ForbiddenAttributesProtection
  has_one :profile
  accepts_nested_attributes_for :profile
  attr_accessible :profile_attributes # this is the line in question

in my update method, I have:

def update
    @user = User.find(params[:id])
    respond_to do |format|
      if @user.update_attributes(user_params)

        flash[:notice] = "This was updated"
        #format.html { redirect_to user_home_path, notice: 'User was successfully updated.' }
        format.json { head :ok }
      end
    end
  end

private
  def user_params
    params.require(:user).permit(:email, :name, :password, :password_confirmation, profile_attributes: [:name, :about_me, :picture])
  end

The above only works if I leave in the attr_accessible :profile_attributes. I have updated my application.rb with

config.active_record.whitelist_attributes = false

If I remove the attr_accessible :profile_attributes, I get the following error:

WARNING: Can't mass-assign protected attributes: profile_attributes

I am under the impression that my attr_accessible's go away. Why am I still getting this warning and how do I fix it?

Check this http://stackoverflow.com/questions/13852534/strong-parameters-in-rails-3-2-8?rq=1 — Pavan, Jul 24 '15 at 04:59
thx - I'm doing everything there, this has to deal with using accepts_nested_attributes_for — timpone, Jul 24 '15 at 05:05

if using strong parameters, do I still need attr_accessible for nested_attributes

0 Answers0