This video states that it is possible to protect the input coming in via the controller yet still be able to do mass assignment via models and specs. However, I have not seen this documented as a feature when using strong_parameters in 3.2.8.
I understand that I need to mix in ActiveModel::ForbiddenAttributesProtection into my models and set config.active_record.whitelist_attributes = false in config/application.rb. I have also pulled all of my attr_accessible calls from the model.
config.active_record.whitelist_attributes = false
With or without the mixin I am getting mass assignment errors.
Can't mass-assign protected attributes: home_phone, cell_phone
Am I missing something?
Similar issue here, without attr_accessible in some of my models keep saying WARNING: Can't mass-assign protected attributes: account_id.
EDIT: Never mind, It was me, I had a pair of strays 'attr_accessible' that I forget to get rid of.
I have the same issue, using rails 3.2.12
I have set the config.active_record.whitelist_attributes = false in application.rb
but if i go into rails console and type MyApp::Application.config.active_record.whitelist_attributes it returns nil