Use strong parameters for ClosetList

app/controllers/closet_lists_controller.rb

@@ -3,7 +3,7 @@ class ClosetListsController < ApplicationController
   before_filter :find_closet_list, :only => [:edit, :update, :destroy]
 
   def create
-    @closet_list = current_user.closet_lists.build params[:closet_list]
+    @closet_list = current_user.closet_lists.build closet_list_params
     if @closet_list.save
       save_successful!
     else
@@ -19,11 +19,11 @@ class ClosetListsController < ApplicationController
   end
 
   def new
-    @closet_list = current_user.closet_lists.build params[:closet_list]
+    @closet_list = current_user.closet_lists.build closet_list_params
   end
 
   def update
-    if @closet_list.update_attributes(params[:closet_list])
+    if @closet_list.update_attributes(closet_list_params)
       save_successful!
     else
       save_failed!
@@ -33,6 +33,11 @@ class ClosetListsController < ApplicationController
 
   protected
 
+  def closet_list_params
+    params.require(:closet_list).permit(
+      :description, :hangers_owned, :name, :visibility)
+  end
+
   def find_closet_list
     @closet_list = current_user.closet_lists.find params[:id]
   end

app/models/closet_list.rb

@@ -3,8 +3,6 @@ class ClosetList < ActiveRecord::Base
   has_many :hangers, :class_name => 'ClosetHanger', :foreign_key => 'list_id'
   # Nullification of associated records occurs in the ClosetListObserver.
 
-  attr_accessible :description, :hangers_owned, :name, :visibility
-
   validates :name, :presence => true, :uniqueness => {:scope => :user_id}
   validates :user, :presence => true
   validates :hangers_owned, :inclusion => {:in => [true, false], :message => "can't be blank"}