• Generated Rails App w/out Active Record
• Added appropriate gems for Mongoid (Mongodb & Mongoid)
• Generated the mongoid.yml file in config/ with rails support
• Created a friend model and user controller with typical CRUD routes

Everything works except when I try to do a mass assignment I get: "undefined method `attr_accesible' for Friend:Class"

Model, friend.rb:

    class Friend
      include Mongoid::Document
      field :first_name, :type => String
      field :last_name, :type => String
      field :adjective, :type => String
      attr_accessible :first_name, :last_name, :adjective
    end

development:
  sessions:
    default:
      database: first_development
        hosts:
          - localhost:27017
        options:
        options:
test:
  sessions:
    default:
      database: first_test
      hosts:
        - localhost:27017
      options:
        consistency: :strong
        max_retries: 1
        retry_interval: 0

Thoughts?

Ok, I have found the problem.

First of all, I assume you are using Rails 4. The reason you are getting this error is that attr_protected and attr_accessible have been removed from Rails 4 and placed in their own gem. Rails is now encouraging a new protection model. You can read about this in the README. If you would like to continue using the old behavior, you must include the protected_attributes gem. Hope that helps.

EDIT: I've added clarification below since this is likely to be a common problem with users to upgrading to rails 4.

If you would like to continue using attr_accessible, i.e. the Rails 3 way, simply add gem protected_attributes to your Gemfile.

If you would like to start doing things the Rails 4 way, you must no longer use attr_accessible. Instead, you must move the attribute permission logic into the controller. Here is an example:

class UsersController < ApplicationController
  def create
    # Using params[:user] without calling user_params will throw an error because 
    # the parameters were not filtered. This is just some Rails magic.
    @user = User.new user_params
    if @user.save
      # Do whatever
    else
      render action: :new
    end
  end

  private
  def user_params
    # params.require(:user) throws an error if params[:user] is nil

    if current_user.nil? # Guest
      # Remove all keys from params[:user] except :name, :email, :password, and :password_confirmation
      params.require(:user).permit :name, :email, :password, :password_confirmation
    elsif current_user.has_role :admin
      params.require(:user).permit! # Allow all user parameters
    elsif current_user.has_role :user
      params.require(:user).permit :name, :email, :password, :password_confirmation
    end
  end

For any readers who are using Rails 5 and find out that the protected_attributes gem is not compatible:

You don't need attr_accessible since mass assignment is not possible anymore https://www.rubyplus.com/articles/3281-Mass-Assignment-in-Rails-5