I have an array field in my model and I'm attempting to update it.

My strong parameter method is below

def post_params
  params["post"]["categories"] = params["post"]["categories"].split(",")

  params.require(:post).permit(:name, :email, :categories)
end

My action in my controller is as follows

def update
  post = Post.find(params[:id]

  if post and post.update_attributes(post_params)
    redirect_to root_url
  else
    redirect_to posts_url
  end
end

However, whenever I submit the update the post, in my development log I see

Unpermitted parameters: categories

The parameters passed through is

  Parameters: {"utf8"=>"✓", "authenticity_token"=>"auth token", "id"=>"10", 

"post"=>{"name"=>"Toni Mitchell", "email"=>"eileen_hansen@hayetokes.info", "categories"=>",2"}}

I want to think it has something to do with the fact that the attribute categories is an array since everything else looks fine. Then again, I could be wrong. So, what's wrong with my code and why is not letting me save the categories field when clearly it is permitted to do so? Thanks.

Try this

params.require(:post).permit(:name, :email, :categories => [])

(Disregard my comment, I don't think that matters)

in rails 4, that would be,

params.require(:post).permit(:name, :email, {:categories => []})

The permitted scalar types are String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile and Rack::Test::UploadedFile.

To declare that the value in params must be an array of permitted scalar values map the key to an empty array:

params.permit(:id => [])

This is what the strong parameters documentation on Github says:

params.require(:post).permit(:name, :email, :categories => [])

I hope this works out for you.

I had the same problem but in my case I had also to change from:

<input type="checkbox" name="photographer[attending]" value="Baku">

to:

<input type="checkbox" name="photographer[attending][]" value="Baku">

Hope this is helping someone.

I had the same problem, but simply adding array to permit was not enough. I had to add type, too. This way:

params.require(:transaction).permit(:name, :tag_ids => [:id])

I am not sure if this is perfect solution, but after that, the 'Unpermitted parameters' log disappeared.

I found hint for that solution from this excellent post: http://patshaughnessy.net/2014/6/16/a-rule-of-thumb-for-strong-parameters