add support for controller-based param whitelisting (ala strong parameters) #237

Closed
wants to merge 2 commits into from

Contributor

@rubysolo rubysolo commented Sep 4, 2012

if the inherited resources controller has a method named `<resource name>_params`, it will be called to construct the params hash that will be used for create/update.

…eters)

if the inherited resources controller has a method named <resource
name>_params, it will be called to construct the params hash that will
be used for create/update.
@jodigiordano

+1. @rubysolo the documentation of strong parameters states that "Using a private method to encapsulate the permissible parameters is just a good pattern", so what do you think of `respond_to?(whitelist_method, true)` instead of `respond_to?(whitelist_method)`?
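The difference between the two `respond_to?` forms discussed above, as an added example in plain Ruby (not code from this pull request or from InheritedResources; `BaseController`, `UserController`, `resource_name` and `resource_params` are hypothetical names, and the request hash is constructed). With the one-argument form a private whitelist method is not detected, so the unfiltered hash is used:

```ruby
# Added illustration; plain Ruby, no Rails or InheritedResources required.
# All class and method names below are hypothetical, not the gem's code.

class BaseController
  attr_reader :params

  def initialize(params)
    @params = params
  end

  # Hypothetical helper: derives "user" from UserController.
  def resource_name
    self.class.name.sub(/Controller\z/, "").downcase
  end

  # Build the hash used for create/update. If the controller defines
  # <resource name>_params, call it; otherwise fall back to the raw hash.
  # include_private selects respond_to?(name) vs respond_to?(name, true).
  def resource_params(include_private:)
    whitelist_method = :"#{resource_name}_params"
    if respond_to?(whitelist_method, include_private)
      send(whitelist_method)
    else
      params.fetch(resource_name, {})
    end
  end
end

class UserController < BaseController
  private

  # Whitelist kept private, the pattern the strong_parameters docs describe.
  def user_params
    params.fetch("user", {}).select { |key, _| %w[name email].include?(key) }
  end
end

# Constructed request: "admin" is an attribute the client must not set.
REQUEST = { "user" => { "name" => "Ann", "email" => "ann@example.test", "admin" => "1" } }.freeze

controller = UserController.new(REQUEST)
public_only = controller.resource_params(include_private: false)
with_private = controller.resource_params(include_private: true)

puts "respond_to?(m):       #{public_only.keys.inspect}"
puts "respond_to?(m, true): #{with_private.keys.inspect}"
```
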

@rubysolo
Contributor Author

👍 I'm down with that.

@garysweaver

Sorry if this is way off-topic, but anyone have any experience with using InheritedResources with ActiveAdmin? @latortuga said that this pull request was adding support for StrongParameters in InheritedResources, but looking at it again, I don't see any calls to permit here and it appears to just be adding similar behavior to SP. Is support for SP being added to IR, and if it is, will it support the ability to permit all parameters regardless of whether they relate to actual methods (attribute or otherwise), because that is something that AA needs, because of some password field related behavior it provides, as discussed here where a patch for SP in AA was being discussed (and AA uses IR heavily, so it would be better to do in IR): activeadmin/activeadmin#1731. Thanks.

@garysweaver

Just saw: #236 - sorry for interrupting. Looks like calls to SP's permits are not getting added but that is something each person can put in themselves.

@rubysolo
Contributor Author

You're right, this is not Strong Parameters proper, but the ability to do whitelisting in the controller similarly to SP. This patch should probably be revisited now that SP is more fully-baked and will be included in Rails 4.

@garysweaver

Yeah, since they are axing mass assignment security and SP isn't optional, we're going ahead and using Strong Parameters with Rails 3.2.8 (and ActiveAdmin which uses InheritedResources) and hitting pain head-on: https://github.com/rails/strong_parameters

@joelmoss
Contributor

Closing this in favour of using strong parameters. Happy to accept a PR to integrate that. thx

@joelmoss joelmoss closed this Dec 23, 2012