Unpermitted parameter :supervisor

Question

I'm working on a website where users can input hours, and supervisors can approve or deny them, but I keep getting this error: Unpermitted parameter: :supervisor

I've tried changing the has_many relationships, changing the parameters of the supervisors like Nested attributes unpermitted parameters said, but to no avail.

my hours_controller.rb (I'm getting the error here)

   def create
       @hour = current_user.hours.build(hour_params)
       @supervisor = Supervisor.find_by(params[:email])
       if @hour.save
          flash[:info] = "Waiting for approve"
          redirect_to current_user
       end
   end


   private

   def hour_params
      params.require(:hour).permit(:content, :approved)
   end

my hour.rb

class Hour < ApplicationRecord
  belongs_to :user
  belongs_to :supervisor
  default_scope -> { order(created_at: :desc) }
  validates :user_id, presence: true
  validates :content, :inclusion => 1..100
  validates :approved, presence: true, default: false
end

my supervisor_controller.rb

class SupervisorsController < ApplicationController

  def new
    @supervisor = Supervisor.new
  end

  def create
   Supervisor.new = Supervior.create(supervisor_params)
    if @supervisor.save
      flash[:info] = "Please check your email to activate your account"
      redirect_to root_url
    else
      render 'new'
    end
  end

  def home
  end

  def hours
  end

  private

  def supervisor_params
    params.require(:supervisor).permit(:id, :first_name, :last_name, :email, :address, :telephone, :role, :organization, :password, :password_confirmation, :signature, { hour: [:content, :approved]})
  end


end

my supervisor.rb

class Supervisor < ApplicationRecord
    has_many :hours, dependent: :destroy
    validates :first_name, presence: true
    validates :last_name,  presence: true
    VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
    validates :email, presence: true, format: {with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
    validates :address, presence: true
    validates :telephone, presence: true
    validates :role, presence: true
    validates :organization, presence: true
    has_secure_password
    validates :password, presence: true, length: { minimum: 6 }


end

and my html for the actual form

<%= form_for @hour, url: hours_path do |hour_builder| %>
   <%= render 'shared/error_messages', object: hour_builder.object %>

      <%= hour_builder.label :content, "Hours to input" %>
      <%= hour_builder.text_field :content, class: 'form-control' %>

      <%= hour_builder.simple_fields_for @supervisor do |supervisor_builder| %>
         <%= render 'shared/error_messages', object: supervisor_builder.object %>


         <%= supervisor_builder.label :first_name, "First name of supervisor" %>
         <%= supervisor_builder.text_field :first_name, class: 'form-control' %>
         <%= supervisor_builder.label :email, "Email of supervisor" %>
         <%= supervisor_builder.text_field :email, class: 'form-control' %>
         <%= supervisor_builder.label :telephone, "Telephone number of Supervisor" %>
         <%= supervisor_builder.text_field :telephone, class: 'form-control' %>

         <% end %>
      <%= hour_builder.submit 'Log Hours', class: 'btn btn-success' %> 

<% end %>

`

what are you trying to accomplish ?. Looking at the code, the form hits your `HoursController#create` action. And you only permit the `content` and `approved` params that come in you `hour` resource in the params. You're not permitting anything about the `supervisor` that comes from the form. But in your `HoursController#create` action you're not doing anything with the Supervisor stuff because you're not using `accepts_nested_attributes_for` in your `Hour` model. Or not sure what you're trying to do here. Perhaps you think that the from will go to both controllers ?, that's not true. — fanta, Apr 11 '19 at 17:19
To me, it looks like you're posting this hour form with a supervisor key in your hours controller, which is showing unpermitted since you don't have that keyword in your strong params. — Matthew, Apr 11 '19 at 17:20
@fanta I thought that the form would go to both controllers, so i changed the Hour model to `accepts_nested_attributes_for :supervisor` and used @dharmesh's code and I'm still getting the same error — Connor Harvey, Apr 12 '19 at 00:57

dharmesh · Answer 1 · 2019-04-11T17:28:29.240

1

I think you are passing the supervisor params nested inside hours params. Whereas in controller you have not permitted supervisor params in your hours controller.

update your hours controller to

def hour_params
  params.require(:hour).permit(:content, :approved, supervisor_attributes: [:id, :first_name, :last_name, :email, :telephone])
end

This is based on the form you have created. I think you need to rework on the associations between hours and supervisors and users.

My suggesstion would be to change the hour model to accept nested_attributes for supervisor model and make changes to the params to allow supervisor attributes along with hour params.

edited Apr 11 '19 at 17:28

answered Apr 11 '19 at 17:17

dharmesh

452
4
12

I've tried this code and didn't change, it still told my there `Unpermitted parameter: :supervisor` and I also tried changing `supervisor_attributes` to `supervisor` and it gave me an `ActiveRecord::AssociationTypeMismatch` error – Connor Harvey Apr 12 '19 at 01:01

score 0 · Answer 2 · answered Apr 12 '19 at 16:00

Try to merge params

def company_params params[:company].merge!(users_attributes: {'0': user_params.to_h }) params.require(:company).permit( :name, :contact_person_name, :email, :contact_person_number, :terms_and_conditions, users_attributes: %i[ id first_name last_name password password_confirmation phone_number ] ) end

def user_params params[:user].merge!(phone_number: params[:company][:contact_person_number]) params.require(:user).permit( :first_name, :last_name, :password, :password_confirmation, :phone_number ) end

In my case company has many user. I hope work for u.

score 0 · Accepted Answer · answered Apr 16 '19 at 05:24

Thanks for all the answers, I used all of them to help me, but here is what I did in full:

first: I added this line to my hour.rb

hour.rb

attr_accessor :supervisor

Second: I added a migration for the hours model to use the supervisor model as a reference

$ rails g migration add_supervisor_to_hours supervisor:references

Third: I changed the hour_params in my hours_controller.rb

hours_controller.rb

def hour_params
   params.require(:hour).permit(:content, :email, 
   supervisor: [:id,:first_name, :email, :telephone])
end

Unpermitted parameter :supervisor

3 Answers3