During my upgrade to Rails 4, I decided to postpone the removal of attr_accessible and use this gem. Now, I would like to drop this in favor of strong_parameters. Since our application is fairly large, I would like to do this gradually.
I've been trying to follow the instructions here: https://github.com/rails/strong_parameters#migration-path-to-rails-4. However, when I set config.active_record.whitelist_attributes = false and include ActiveModel::ForbiddenAttributesProtection in one of my models, the following statement still proceeds to instantiate a user without any problems:
According to my understanding of strong_parameters, this should throw a ActiveModel::ForbiddenAttributesError. Basically, strong_parameters does not seem to be working, or the protected_attributes is conflicting somehow.
During my upgrade to Rails 4, I decided to postpone the removal of attr_accessible and use this gem. Now, I would like to drop this in favor of strong_parameters. Since our application is fairly large, I would like to do this gradually.
I've been trying to follow the instructions here: https://github.com/rails/strong_parameters#migration-path-to-rails-4. However, when I set
config.active_record.whitelist_attributes = false
and includeActiveModel::ForbiddenAttributesProtection
in one of my models, the following statement still proceeds to instantiate a user without any problems:User.new(ActionController::Parameters.new(first_name: 'Ruben'))
According to my understanding of strong_parameters, this should throw a
ActiveModel::ForbiddenAttributesError
. Basically, strong_parameters does not seem to be working, or theprotected_attributes
is conflicting somehow.Can anyone help me with this problem?