Unpermitted params security warning

Hello I’m quite new to the rails 4 and I’ve not dealt with this kind of nested security warnings, I basically have a model (receipt), with has many items relation. When I save a receipt, I want to have an options to save many items as well from the same form, I ll skip the ui part and get back to the back end, this is how my params look like, when I print params in the create action :







{**"**1432495749993**"**=>{**"**item**"**=>{**"**name**"**=>**"**ssd**"**, **"**amount**"**=>**"**22**"**, **"**unit_id**"**=>**"**2**"**, **"**quantity**"**=>**"**1**"**, **"**person_id**"**=>**"**2**"**, **"**project_id**"**=>**""**}},

 **"**1432495820856**"**=>{**"**item**"**=>{**"**name**"**=>**"**ds**"**, **"**amount**"**=>**"**22**"**, **"**unit_id**"**=>**"**3**"**, **"**quantity**"**=>**"**1**"**, **"**person_id**"**=>**"**2**"**, **"**project_id**"**=>**""**}}}},



I’ve tried following and more but none of it didn’t work :

params.require(:receipt).permit(:store_id, :purchase_date, :items_attributes)

params.require(:receipt).permit(:store_id, :purchase_date, items_attributes: {1432495749993 => {item => [:name]}})

params.require(:receipt).permit(:store_id, :purchase_date, items_attributes: {1432495749993 => {item => [:name]}}).permit!

params.require(:receipt).permit(:store_id, :purchase_date, items_attributes: {‘1432495749993’ => {‘item’ => [:id, :name, :amount, :unit_id, :quantity, :person_id, :project_id]}})

And my nested params don’t show, this is the best result I got :

{store_id=>2, purchase_date=>05/05/2015, items_attributes=>{1432495749993=>{}=>{}}}

I’m getting to the point when I don’t know what to need to ask somebody for help, what am I doing wrong here?

Nobody knows about this seriously?

try this:

params.require(:receipt).permit(:store_id, :purchase_date, items_attributes: [:name, :amount, :unit_id, :quantity, :person_id, :project_id])


Hi Matt,

Thanks for your response. This is the original params without authenticity token and controller :




"items_attributes"=>{1432688411008=>{item=>{name=>Test, amount=>2.2, unit_id=>2, quantity=>1, person_id=>"", project_id=>2}}}}

This is what I get with what you suggested :

params.require(:receipt).permit(:store_id, :purchase_date, items_attributes: [:name, :amount, :unit_id, :quantity, :person_id, :project_id])

Unpermitted parameters: item

=> {store_id=>3, purchase_date=>05/05/2015, items_attributes=>{1432688411008=>{}}}

Still doesn’t allow me to select items attributes.

you need to read documentation: http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters

Hi George,

Have added following lines to receipt model?

accepts_nested_attributes_for :items,:allow_destroy => true