I am working through the Intro Rails Workshop, but I am running into an error ActiveModel::ForbiddenAttributesError in DecksController#create in my DecksController create method.
Admittedly I am not following the instructions as I am running Rails 4.1.1 and Ruby 2.1.2 rather than the prescribed versions. But this certainly seems like something I am going to need to learn how to resolve.
Here is my form
<%= link_to "New deck", "/decks/new" %>
<% @decks.each do |deck| %>
<div><%= link_to deck.name, "/decks/#{deck.id}" %></div>
<% end %>
And here is my method
def create
@deck = Deck.new(params["deck"])
@deck.save
redirect_to "/decks"
end
I would appreciate any help you can give to assist me in understanding this error.
Rails is telling me this line is causing the error.
Rails 4 makes strong parameters the default. This means that unless you override the protections, you have to filter your parameters using #permit (what you’ve done here on parameter filtering looks OK). The idea is to prevent mass assignment security holes, such as someone submitting an admin: true item when updating their password, and then making themselves an admin, etc.
This change moves parameter filtering from the model to the controller, which is a win because different controllers or methods or roles can have different rules for what parameters get filtered.