I get ActiveModel::ForbiddenAttributesError with A

Posted 2019-08-06 12:04

Question:

I'm working on an app where I'm using Active Admin and Devise. I have modified both the User and Admin Users tables (via migration) to allow both models to use one sign-in process using Devise instead of Active Admin. As 'super user', an Admin can sign in and access Active Admin. And application users wouldn't access Active Admin.

The problem I'm facing happens when I attempt to create a new user or Admin. I get the following error:

ActiveModel::ForbiddenAttributesError in Admin::UsersController#create 

It seems simple, but I can't see it. Here is the code:

Schema.rb

ActiveRecord::Schema.define(version: 20140721134754) do

  create_table "active_admin_comments", force: true do |t|
    t.string   "namespace"
    t.text     "body"
    t.string   "resource_id",   null: false
    t.string   "resource_type", null: false
    t.integer  "author_id"
    t.string   "author_type"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "active_admin_comments", ["author_type", "author_id"], name: "index_active_admin_comments_on_author_type_and_author_id"
  add_index "active_admin_comments", ["namespace"], name: "index_active_admin_comments_on_namespace"
  add_index "active_admin_comments", ["resource_type", "resource_id"], name: "index_active_admin_comments_on_resource_type_and_resource_id"

  create_table "admin_users", force: true do |t|
    t.string   "email",                  default: "", null: false
    t.string   "encrypted_password",     default: "", null: false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          default: 0,  null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
    t.string   "last_sign_in_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "admin_users", ["email"], name: "index_admin_users_on_email", unique: true
  add_index "admin_users", ["reset_password_token"], name: "index_admin_users_on_reset_password_token", unique: true

  create_table "users", force: true do |t|
    t.string   "email",                  default: "",    null: false
    t.string   "encrypted_password",     default: "",    null: false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          default: 0,     null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
    t.string   "last_sign_in_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.boolean  "superadmin",             default: false, null: false
  end

  add_index "users", ["email"], name: "index_users_on_email", unique: true
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true

end

app/admin/user.rb

The problem happens on the 3rd line of create_or_edit >> @user.attributes = params[:user].delete_if do |k, v|

ActiveAdmin.register User do

  def registration_params
    params.require(:user).permit(:email, :password, :password_confirmation, :superadmin)
  end

  index do
    column :email
    column :current_sign_in_at
    column :last_sign_in_at
    column :sign_in_count
    actions
  end

  form do |f|
    f.inputs "User Details" do
      f.input :email
      f.input :password
      f.input :password_confirmation
      f.input :superadmin, :label => "Super Administrator"
    end
    f.actions
  end

  create_or_edit = Proc.new {
    @user            = User.where(id: params[:id]).first_or_create
    @user.superadmin = params[:user][:superadmin]
    @user.attributes = params[:user].delete_if do |k, v|
      (k == "superadmin") ||
      (["password", "password_confirmation"].include?(k) && v.empty? && !@user.new_record?)
    end
    if @user.save
      redirect_to :action => :show, :id => @user.id
    else
      render active_admin_template((@user.new_record? ? 'new' : 'edit') + '.html.erb')
    end
  }
  member_action :create, :method => :post, &create_or_edit
  member_action :update, :method => :put, &create_or_edit
end

As you see, I had added an attempt to solve this issue, but it doesn't work.

  def registration_params
    params.require(:user).permit(:email, :password, :password_confirmation, :superadmin)
  end

I also tried the following solution for ApplicationController, but I still get the same error message.

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:email, :password, :password_confirmation, :superadmin, :remember_me)}
  end

What am I missing here?

UPDATE...

Error message

ActiveModel::ForbiddenAttributesError in Admin::UsersController#create
ActiveModel::ForbiddenAttributesError

Error occurred at line 25

app/admin/user.rb

22  create_or_edit = Proc.new {
23    @user            = User.where(:id => params[:id]).first || User.new
24    @user.superadmin = params[:user][:superadmin]
*25    @user.attributes = params[:user].delete_if do |k, v|*
26      (k == "superadmin") ||
27      (["password", "password_confirmation"].include?(k) && v.empty? && !@user.new_record?)
28    end
29    if @user.save
30      redirect_to :action => :show, :id => @user.id

Request parameters

{"utf8"=>"✓", "authenticity_token" => "Gd5oS423984792834729384729847293847JFxGY8o=", "user"=>{ "email"=>"person@site.com", "password"=>"password", "password_confirmation"=>"password", "superadmin"=>"0" }, "commit"=>"Create User", "action"=>"create", "controller"=> "admin/users" }

Full Trace

activemodel (4.1.0) lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment'
activerecord (4.1.0) lib/active_record/attribute_assignment.rb:24:in `assign_attributes'
app/admin/user.rb:27:in `block (2 levels) in <top (required)>'
actionpack (4.1.0) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.1.0) lib/abstract_controller/base.rb:189:in `process_action'
actionpack (4.1.0) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.1.0) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (4.1.0) lib/active_support/callbacks.rb:113:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:113:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:229:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:229:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:229:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:229:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.0) lib/active_support/callbacks.rb:86:in `call'
activesupport (4.1.0) lib/active_support/callbacks.rb:86:in `run_callbacks'
actionpack (4.1.0) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.1.0) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.1.0) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.1.0) lib/active_support/notifications.rb:159:in `block in instrument'
activesupport (4.1.0) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.1.0) lib/active_support/notifications.rb:159:in `instrument'
actionpack (4.1.0) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.1.0) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.1.0) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.1.0) lib/abstract_controller/base.rb:136:in `process'
actionview (4.1.0) lib/action_view/rendering.rb:30:in `process'
actionpack (4.1.0) lib/action_controller/metal.rb:195:in `dispatch'
actionpack (4.1.0) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.1.0) lib/action_controller/metal.rb:231:in `block in action'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:80:in `call'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:80:in `dispatch'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:48:in `call'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:71:in `block in call'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `call'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:676:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `catch'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/flash.rb:254:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.1.0) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.1.0) lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
activerecord (4.1.0) lib/active_record/migration.rb:380:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.1.0) lib/active_support/callbacks.rb:82:in `run_callbacks'
actionpack (4.1.0) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.1.0) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.1.0) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.1.0) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.1.0) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.1.0) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.1.0) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
activesupport (4.1.0) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/static.rb:64:in `call'
rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
railties (4.1.0) lib/rails/engine.rb:514:in `call'
railties (4.1.0) lib/rails/application.rb:144:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
rack (1.5.2) lib/rack/content_length.rb:14:in `call'
rack (1.5.2) lib/rack/handler/webrick.rb:60:in `service'
/usr/local/opt/rbenv/versions/2.0.0-p481/lib/ruby/2.0.0/webrick/httpserver.rb:138:in `service'
/usr/local/opt/rbenv/versions/2.0.0-p481/lib/ruby/2.0.0/webrick/httpserver.rb:94:in `run'
/usr/local/opt/rbenv/versions/2.0.0-p481/lib/ruby/2.0.0/webrick/server.rb:295:in `block in start_thread'

UPDATED

development.log

Started POST "/admin/users" for 66.241.138.122 at 2014-07-23 17:03:03 +0000
Processing by Admin::UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"HQDRvcsf111111132XFsLc=", "user"=>{"email"=>"person@site", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "superadmin"=>"1"}, "commit"=>"Create User"}
  User Load (0.2ms)  SELECT  "users".* FROM "users"  WHERE "users"."id" = 1  ORDER BY "users"."id" ASC LIMIT 1
  User Load (0.2ms)  SELECT  "users".* FROM "users"  WHERE "users"."id" IS NULL  ORDER BY "users"."id" ASC LIMIT 1
Completed 500 Internal Server Error in 20ms

ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):
  app/admin/user.rb:18:in `block (2 levels) in <top (required)>'


  Rendered /home/action/.gem/ruby/2.1.1/gems/actionpack-4.1.0/lib/action_dispatch/middleware/templates/rescues/_source.erb (0.8ms)
  Rendered /home/action/.gem/ruby/2.1.1/gems/actionpack-4.1.0/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (1.4ms)
  Rendered /home/action/.gem/ruby/2.1.1/gems/actionpack-4.1.0/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (1.1ms)
  Rendered /home/action/.gem/ruby/2.1.1/gems/actionpack-4.1.0/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (25.1ms)

Answer 1:

Why don't you permit your params just like the documentation says? https://github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters
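
Added example (not from the original post, Rails or Active Admin): a simplified Ruby stand-in for the strong-parameters check, showing why hand-filtering `params[:user]` with `delete_if` still raises while an explicit `permit` allow-list does not. `Params`, `User`, `SAMPLE` and the `unexpected` key are constructed for illustration.

```ruby
class ForbiddenAttributesError < StandardError; end

# Simplified stand-in for ActionController::Parameters (not Rails' own code).
class Params
  attr_reader :data
  def initialize(data, permitted = false)
    @data = data
    @permitted = permitted
  end
  def permitted?
    @permitted
  end
  # Returns a new, permitted copy holding only the listed keys.
  def permit(*keys)
    Params.new(@data.select { |k, _| keys.map(&:to_s).include?(k) }, true)
  end
  # Dropping keys by hand leaves the object unpermitted.
  def delete_if(&block)
    @data.delete_if(&block)
    self
  end
end

# Stand-in for the model-side check at the top of the question's trace.
class User
  attr_reader :attributes
  def attributes=(params)
    raise ForbiddenAttributesError unless params.permitted?
    @attributes = params.data.dup
  end
end

# Constructed request body based on the question; "unexpected" is an added key.
SAMPLE = { "email" => "person@site.com", "password" => "password",
           "superadmin" => "0", "unexpected" => "x" }.freeze

# The question's approach: filter keys by hand, never call permit.
def assign_like_question
  User.new.attributes = Params.new(SAMPLE.dup).delete_if { |k, _| k == "superadmin" }
rescue ForbiddenAttributesError => e
  e.class.name
end

# Allow-list first, then assign.
def assign_with_permit
  user = User.new
  user.attributes = Params.new(SAMPLE.dup).permit(:email, :password, :superadmin)
  user.attributes
end
```

In Active Admin, the documentation section linked in the answer covers declaring this allow-list on the resource with `permit_params`. Because `superadmin` grants admin access, it belongs only in the admin-side list.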