Ask A Question


You’re not receiving notifications from this thread.

Accepts_nested_attributes_for, I am getting 'unpermitted parameter: :user' and User not entering to DB.

Ryan Mindigo asked in Rails

Hello! I am building an app with Accounts/Users & Memberships via has_many through. I am using Devise and want to create a new user from 'accounts#new" via 'accepts_nested_attributes_for.'

When I fill out the form to create a new Account & User, the Account is being created, but no User. I am seeing 'unpermitted parameter: :user.'

I assume there is something missing in my Controller. Here is the terminal output and code below.

I am able to successfully create a new Account and User in console

  Membership Load (0.4ms)  SELECT  "memberships".* FROM "memberships" WHERE "memberships"."user_id" = ? LIMIT ?  [["user_id", 3], ["LIMIT", 11]]
 => #<ActiveRecord::Associations::CollectionProxy [#<Membership id: 1, user_id: 3, account_id: 6, created_at: "2018-12-30 20:43:07", updated_at: "2018-12-30 20:43:07">]> 

Any help would be greatly appreciated!

Parameters: {"utf8"=>"✓", "authenticity_token"=>"6eMcKYXDsP/XX+LyvCY2/yxnyWThWT3Upjc9WDAEF828iJ4Afdk3Z5X0DP8PKGJSVBR+MM6OxyITx9aFMM9MCw==", "account"=>{"name"=>"chesterfield", "user"=>{"email"=>"", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}, "commit"=>"Create Account"}
Unpermitted parameter: :user
   (0.1ms)  begin transaction
  SQL (0.5ms)  INSERT INTO "accounts" ("name", "created_at", "updated_at") VALUES (?, ?, ?)  [["name", "chesterfield"], ["created_at", "2019-01-01 17:15:55.817878"], ["updated_at", "2019-01-01 17:15:55.817878"]]
   (41.4ms)  commit transaction
Redirected to http://localhost:3000/accounts/12
Completed 302 Found in 46ms (ActiveRecord: 42.1ms)


 def new
    @account =

     def create
    @account =
    respond_to do |format|
        format.html { redirect_to @account, notice: 'Account was successfully created.' }
        format.json { render :show, status: :created, location: @account }
        format.html { render :new }
        format.json { render json: @account.errors, status: :unprocessable_entity }

    def account_params
      params.require(:account).permit(:name, users_attributes: [:email, :password, :password_confirmation])

Account Form

<%= form_with(model: account, local: true) do |form| %>
  <% if account.errors.any? %>
    <div id="error_explanation">
      <h2><%= pluralize(account.errors.count, "error") %> prohibited this account from being saved:</h2>

      <% account.errors.full_messages.each do |message| %>
        <li><%= message %></li>
      <% end %>
  <% end %>

  <div class="field">
    <%= form.label :name %>
    <%= form.text_field :name, id: :account_name %>

  <div class="field">
    <%= form.fields_for :user do |f| %>
          <div class="field">
            <%= f.label :email %><br />
            <%= f.email_field :email, autofocus: true, autocomplete: "email" %>

          <div class="field">
            <%= f.label :password %>
            <% if @minimum_password_length %>
            <em>(<%= @minimum_password_length %> characters minimum)</em>
            <% end %><br />
            <%= f.password_field :password, autocomplete: "new-password" %>

          <div class="field">
            <%= f.label :password_confirmation %><br />
            <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
    <% end %>      

  <div class="actions">
    <%= form.submit %>
<% end %>


class Account < ApplicationRecord
    has_many :memberships
    has_many :users, through: :memberships
    accepts_nested_attributes_for :users

class User < ApplicationRecord
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable
  has_many :memberships
  has_many :accounts, through: :memberships     

class Membership < ApplicationRecord
  belongs_to :user, optional: true
  belongs_to :account, optional: true

got the answer, needed to add one line to the new action in AccountsController
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 83,038+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.