small medium large xlarge

02 Apr 2012, 11:03
liding (1 post)

Can’t mass-assign protected attributes: product

rails -v Rails 3.2.3

in my book : @line_items = => product )

ebook: @line_item = product)

============== ActiveModel::MassAssignmentSecurity::Error in LineItemsController#create

Can’t mass-assign protected attributes: product

Rails.root: d:/lidingworks/depot Application Trace | Framework Trace | Full Trace

app/controllers/line_items_controller.rb:46:in `create’

08 Apr 2012, 18:04
Terry Cline (1 post)

I solved this problem (same rails version) by changing the build call to: build(:product_id => Same problem in the functional test.

19 Apr 2012, 21:06
Ingo Klemm (5 posts)

I had the same problem.

Feels good not to be alone on the planet of bugs…

( and having someone who solved the problem… )

03 May 2012, 07:14
Thomas van der Heijden (1 post)

Terry’s solution did not work for me. What did work was:

@line_item =
@line_item.product = product

Now could somebody please explain why this works and the original line doesn’t? To me they look like doing exactly the same thing.

24 May 2012, 04:03
Sha Mah (1 post)

same issue. Thomas van der Heijden, thanks for your solution! though sample project form rails32/depot_f/ works fine with the same code but not mine! Why?

upd: config/application.rb: config.active_record.whitelist_attributes = true by default in rails 3.2.3

upd: explanation:

01 Jun 2012, 15:57
Amanda Bergeron (1 post)

I fixed it by going into app/models/line_item.rb and adding:

class LineItem < ActiveRecord::Base

belongs_to :product belongs_to :cart

attr_accessible :cart_id, :product_id end

01 Jun 2012, 16:57
Christopher Govender (2 posts)

Terry’s solution worked for me. Tried Amanda’s and it didn’t. Sha Ma’s link helped with understanding it all.

01 Jun 2012, 18:32
Christopher Govender (2 posts)

Now note …

Before you update /db/migrate/20110711000004_add_quantity_to_line_items.rb as on page 115 and before you rake db:migrate, you should follow Sha Ma’s tip.

Go to /models/line_item.rb and add the following … class LineItem < ActiveRecord::Base belongs_to :product belongs_to :cart attr_accessible :cart_id, :product_id, :quantity end

Then rake db:migrate will succeed

19 Jun 2012, 00:31
Andrew Gellene (33 posts)

I tried the <pre>@line_item = =>

solution and it worked for me. My guess is that because is defined as a getter and setter that I can assign it. But because all the attributes of product are not this fails:

@line_item = product)

is that right?

22 Jun 2012, 11:20
Andrew Gellene (33 posts)

This will also show up in the Check Out chapter when you run tests. I made the tests pass by putting making cart and product accessible from the line_items model. So the beginning of the line_items model is this:

class LineItem < ActiveRecord::Base
  attr_accessible :cart_id, :product_id, :quantity, :order_id, :product, :cart
  belongs_to :cart
  belongs_to :product

05 Jul 2012, 08:47
Antony Yermolenko (1 post)

2 Andrew Gellene Thanks, it solved my problem. Although i thing this method lowers the “security” of this project ))

10 Jul 2012, 17:06
Sergey Zhizhin (1 post)

In my case there is :product_id in LineItem attr_accessible:

attr_accessible :cart_id, :product_id

So i changed :product => product in build’s attributes to :product_id => and it works.

@line_item = =>
27 Sep 2012, 03:46
Scott Landes (1 post)

Hi Andrew, your solution fixed it for me. Thanks so much!

15 Oct 2012, 13:49
Todd Pickell (1 post)

Thomas van der Heijden’s solution worked on mine. Thank you!

19 Oct 2012, 02:28
Zhao Jiahui (1 post)

i have the same problem. and with rails 3.2.6 and ruby 1.9.3p194 i solved my problem below:

class LineItem < ActiveRecord::Base attr_accessible :cart_id, :product_id, :product, :cart
belongs_to :product
belongs_to :cart end
i add the :product and :cart after attr_accessible

17 Nov 2012, 12:23
iamprogram mers (1 post)

Andrew Gellene solution is working for me. As Antony Yermolenko says, it’s lowers the ‘security’? ( I still a newbie so don’t understand) and Sergey Zhizhin solution is working for me too. I prefer Sergey Zhizhin since the book says the ‘id’ is the most important thing. :)

13 Mar 2013, 15:22
Krasimir Slavkov (1 post)

I put in models, (line_item.rb) only the next additional line: attr_accessible :product, :cart and it is working. The Sha Mah suggestion(in ..\config\application.rb with config.active_record.whitelist_attributes = false) is working but I’m not sure for secur viol, and I use attr_acc..= :product, :cart I did not change @line_item = product) in line_item_controler.rb

Thanks everybody!!!!!

You must be logged in to comment