Rails 4.0 & Devise - Strong Parameters error

Question

Newbie to rails here, so bear with me.

New app on Rails 4 with ruby 2.0, I installed Devise and followed the instructions(default root, etc). Devise readme on github says it should be compatible with rails4 but

db:migrate failed unless I commented out attr_accessible line in User.rb
After commenting that out, I get "ActiveModel::ForbiddenAttributesError in Devise::RegistrationsController#create" error in trying to create a user.

I see some stack overflow questions like this, but a lot of the answers jump straight into some complex talk. I get I need to specify permitted attributes for mass assignment, but how? And where? And which attributes need to be permitted, all of them? Only those that I expect to be changed/created at the same time?

Judging by the error would I create a registrations_controller.rb that inherits from Devise::registrationsController ? What do I specify in that?

Any step by step, newbie friendly answers are much appreciated. I've exhausted myself trying different code from answers here and various sites from google searches.

What is the error if you dont comment out the attr_accessible — SG 86
rake db:migrate rake aborted! attr_accessible is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add protected_attributes to your Gemfile to use old one. — bvcm

SG 86 SG 86 · Accepted Answer · 2013-06-26T10:03:47

Welcome to stackoverflow!

The problem is that the functinality of attr_accessible changed in rails 4.0

2 possibilities to get it running

1 Update Devise that it can handle Rails 4.0

Add this line to your application's Gemfile:

gem 'devise', '3.0.0.rc'

And then execute:

$ bundle

2 Add the old functionality of attr_accessible again to rails 4.0

Try to use attr_accessible and dont comment this out.