I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
picked up the Agile Web Development book and have been working through
it (apologies if this isn't the correct place for this question but the
pragprog forums don't seem to work for me). I am currently working
through the book and have reached the point where I am adding
functionality to an "Add to Cart" button. Here is the code that was
provided for the 'create' method in the line_item_controller:

def create

  @cart = current_cart
  product = Product.find(params[:product_id])
  @line_item = @cart.line_items.build(product: product)

...

end

This results in the following error when I click "Add to Cart"

Can't mass-assign protected attributes: product

Can anyone shed some light on what is going on here (my search-fu has
failed me)? The only way that I have been able to get this to work is
by changing the code (starting at @line_item) to:

  @line_item = @cart.line_items.build
  @line_item.product = product

Is this correct or is it just a band-aid fix that may cause issues going
forward?

Thanks,

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Search Discussions

  • Jeffrey L. Taylor at Apr 8, 2012 at 12:04 am

    Quoting Lucas J. <lists@ruby-forum.com>:
    I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
    picked up the Agile Web Development book and have been working through
    it (apologies if this isn't the correct place for this question but the
    pragprog forums don't seem to work for me). I am currently working
    through the book and have reached the point where I am adding
    functionality to an "Add to Cart" button. Here is the code that was
    provided for the 'create' method in the line_item_controller:

    def create

    @cart = current_cart
    product = Product.find(params[:product_id])
    @line_item = @cart.line_items.build(product: product)

    ...

    end

    This results in the following error when I click "Add to Cart"

    Can't mass-assign protected attributes: product

    Can anyone shed some light on what is going on here (my search-fu has
    failed me)? The only way that I have been able to get this to work is
    by changing the code (starting at @line_item) to:

    @line_item = @cart.line_items.build
    @line_item.product = product

    Is this correct or is it just a band-aid fix that may cause issues going
    forward?
    This is a correct way to do it now. And probably the best way to move forward
    with the tutorial right now. The newest releases of Rails have made
    mass-assign protection the default. Without it you have a security risk. You
    can learn more by Googling "Rails mass assign". Save it for after you
    complete the book.

    HTH,
       Jeffrey

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Tom Meinlschmidt at Apr 8, 2012 at 12:15 am

    On Apr 8, 2012, at 1:14 , Lucas J. wrote:

    I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
    picked up the Agile Web Development book and have been working through
    it (apologies if this isn't the correct place for this question but the
    pragprog forums don't seem to work for me). I am currently working
    through the book and have reached the point where I am adding
    functionality to an "Add to Cart" button. Here is the code that was
    provided for the 'create' method in the line_item_controller:

    def create

    @cart = current_cart
    product = Product.find(params[:product_id])
    @line_item = @cart.line_items.build(product: product)

    ...

    end

    This results in the following error when I click "Add to Cart"

    Can't mass-assign protected attributes: product

    Can anyone shed some light on what is going on here (my search-fu has
    failed me)? The only way that I have been able to get this to work is
    by changing the code (starting at @line_item) to:

    @line_item = @cart.line_items.build
    @line_item.product = product

    Is this correct or is it just a band-aid fix that may cause issues going
    forward?

    Thanks,
    what about use google a bit? there's about 2.460.000 resuls for "Can't mass-assign protected attributes:" query

    set attr_accessible in your model(s)

    tom

    --
    ===============================================================================
    Tomas Meinlschmidt, MS {MCT, MCP+I, MCSE, AER}, NetApp Filer/NetCache

    www.meinlschmidt.com www.maxwellrender.cz www.lightgems.cz
    ===============================================================================

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Lucas J. at Apr 8, 2012 at 2:11 am
    Thanks, Jeffrey. I just wanted to ensure that I was on the right track
    and that I wasn't setting myself up for more problems later.

    Tom - I tried google first (I always do). My attributes are already set
    to attr_accessible in my models (there are only three at this point),
    which is why I was so confused. I'm sure there's something I'm
    overlooking but I'm not going to spend too much more time on it since I
    have a working solution at this point.

    --
    Posted via http://www.ruby-forum.com/.

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Frederick Cheung at Apr 8, 2012 at 11:52 am

    On Apr 8, 3:11 am, "Lucas J." wrote:
    Thanks, Jeffrey.  I just wanted to ensure that I was on the right track
    and that I wasn't setting myself up for more problems later.

    Tom - I tried google first (I always do).  My attributes are already set
    to attr_accessible in my models (there are only three at this point),
    which is why I was so confused.  I'm sure there's something I'm
    overlooking but I'm not going to spend too much more time on it since I
    have a working solution at this point.
    If you want to be able to do line_items.build(product: p) you need to
    mark product as attr_accessible too. The mass assignment stuff doesn't
    know what things are database attributes, virtual attributes,
    associations etc.

    Fred

    --
    Posted viahttp://www.ruby-forum.com/.
    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • 吴冉波 at Nov 1, 2013 at 11:37 am
    maybe you miss the code in the book:

    file: line_item.rb
    belong_to :product
    belong_to :cart

    then, the line_item has the attr product.



    On Sunday, April 8, 2012 7:14:31 AM UTC+8, Ruby-Forum.com User wrote:

    I am new to Ruby and to Rails (using Ruby 1.9.3 and Rails 3.2.3) so I
    picked up the Agile Web Development book and have been working through
    it (apologies if this isn't the correct place for this question but the
    pragprog forums don't seem to work for me). I am currently working
    through the book and have reached the point where I am adding
    functionality to an "Add to Cart" button. Here is the code that was
    provided for the 'create' method in the line_item_controller:

    def create

    @cart = current_cart
    product = Product.find(params[:product_id])
    @line_item = @cart.line_items.build(product: product)

    ...

    end

    This results in the following error when I click "Add to Cart"

    Can't mass-assign protected attributes: product

    Can anyone shed some light on what is going on here (my search-fu has
    failed me)? The only way that I have been able to get this to work is
    by changing the code (starting at @line_item) to:

    @line_item = @cart.line_items.build
    @line_item.product = product

    Is this correct or is it just a band-aid fix that may cause issues going
    forward?

    Thanks,

    --
    Posted via http://www.ruby-forum.com/.
    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/83006756-e583-4fd6-8447-5deb2a82bc3f%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprubyonrails-talk @
categoriesrubyonrails
postedApr 7, '12 at 11:14p
activeNov 1, '13 at 11:37a
posts6
users5
websiterubyonrails.org
irc#RubyOnRails

People

Translate

site design / logo © 2021 Grokbase