Agile Web Development 4th ed. - Can't mass assign.error

36 views
Skip to first unread message

Lucas J.

unread,
Apr 7, 2012, 7:14:31 PM4/7/12
to rubyonra...@googlegroups.com
I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
picked up the Agile Web Development book and have been working through
it (apologies if this isn't the correct place for this question but the
pragprog forums don't seem to work for me). I am currently working
through the book and have reached the point where I am adding
functionality to an "Add to Cart" button. Here is the code that was
provided for the 'create' method in the line_item_controller:

def create

@cart = current_cart
product = Product.find(params[:product_id])
@line_item = @cart.line_items.build(product: product)

...

end

This results in the following error when I click "Add to Cart"

Can't mass-assign protected attributes: product

Can anyone shed some light on what is going on here (my search-fu has
failed me)? The only way that I have been able to get this to work is
by changing the code (starting at @line_item) to:

@line_item = @cart.line_items.build
@line_item.product = product

Is this correct or is it just a band-aid fix that may cause issues going
forward?

Thanks,

--
Posted via http://www.ruby-forum.com/.

Jeffrey L. Taylor

unread,
Apr 7, 2012, 8:04:36 PM4/7/12
to rubyonra...@googlegroups.com

This is a correct way to do it now. And probably the best way to move forward
with the tutorial right now. The newest releases of Rails have made
mass-assign protection the default. Without it you have a security risk. You
can learn more by Googling "Rails mass assign". Save it for after you
complete the book.

HTH,
Jeffrey

Tom Meinlschmidt

unread,
Apr 7, 2012, 8:13:57 PM4/7/12
to rubyonra...@googlegroups.com

what about use google a bit? there's about 2.460.000 resuls for "Can't mass-assign protected attributes:" query

set attr_accessible in your model(s)

tom

--
===============================================================================
Tomas Meinlschmidt, MS {MCT, MCP+I, MCSE, AER}, NetApp Filer/NetCache

www.meinlschmidt.com www.maxwellrender.cz www.lightgems.cz
===============================================================================

Lucas J.

unread,
Apr 7, 2012, 10:11:00 PM4/7/12
to rubyonra...@googlegroups.com
Thanks, Jeffrey. I just wanted to ensure that I was on the right track
and that I wasn't setting myself up for more problems later.

Tom - I tried google first (I always do). My attributes are already set
to attr_accessible in my models (there are only three at this point),
which is why I was so confused. I'm sure there's something I'm
overlooking but I'm not going to spend too much more time on it since I
have a working solution at this point.

Frederick Cheung

unread,
Apr 8, 2012, 7:52:36 AM4/8/12
to Ruby on Rails: Talk
If you want to be able to do line_items.build(product: p) you need to
mark product as attr_accessible too. The mass assignment stuff doesn't
know what things are database attributes, virtual attributes,
associations etc.

Fred


> --
> Posted viahttp://www.ruby-forum.com/.

吴冉波

unread,
Nov 1, 2013, 6:19:11 AM11/1/13
to rubyonra...@googlegroups.com
maybe you miss the code in the book:

file: line_item.rb
belong_to :product
belong_to :cart

then, the line_item has the attr product.
Reply all
Reply to author
Forward
0 new messages