Rails 4 strong parameters ForbiddenAttributesError - как исправить?

medicines_controller.rb

class MedicinesController < ApplicationController
  filter_resource_access
  before_action :set_medicine, only: [:show, :edit, :update, :destroy]

  # GET /medicines
  # GET /medicines.json
  def index
    @medicines = Medicine.all
  end

  # GET /medicines/1
  # GET /medicines/1.json
  def show

  end

  # GET /medicines/new
  def new
    @medicine = Medicine.new
  end

  # GET /medicines/1/edit
  def edit
  end

  # POST /medicines
  # POST /medicines.json
  def create
    @medicine = Medicine.new(medicine_params)

    respond_to do |format|
      if @medicine.save
        format.html { redirect_to @medicine, notice: 'Medicine was successfully created.' }
        format.json { render action: 'show', status: :created, location: @medicine }
      else
        format.html { render action: 'new' }
        format.json { render json: @medicine.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /medicines/1
  # PATCH/PUT /medicines/1.json
  def update
    respond_to do |format|
      if @medicine.update(medicine_params)
        format.html { redirect_to @medicine, notice: 'Medicine was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @medicine.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /medicines/1
  # DELETE /medicines/1.json
  def destroy
    @medicine.destroy
    respond_to do |format|
      format.html { redirect_to medicines_url }
      format.json { head :no_content }
    end
  end

  private
    def set_medicine
      @medicine = Medicine.find(params[:id])
    end

    def medicine_params
      params.require(:medicine).permit( :company, :name, :med_type, :price, :batch, :expiration_date, :quantity)
    end
end

medicine.rb

class Medicine < ActiveRecord::Base

  has_many :positions, dependent: :destroy
  has_many :carts, through: :positions


  validates :company, :presence => {:message => 'Поле "Фирма-изготовитель" должно быть заполнено.'}
  validates :name, :presence=> {:message => 'Поле "Название лекарства" должно быть заполнено.'}
  validates :med_type, :presence=> {:message => 'Поле "Категория" должно быть заполнено.'}
  validates :price, :presence=> {:message => 'Поле "Цена" должно быть заполнено.'},
                    :numericality =>{:greater_than_or_equal_to => 0,:message => 'В поле "Цена" введите значение больше 0.'}
  validates :batch, :presence=> {:message => 'Поле "Номер партии" должно быть заполнено.'}
  validates :quantity, :presence=> {:message => 'Поле "Количество" должно быть заполнено.'},
                       :numericality =>{only_integer: true,:greater_than_or_equal_to => 0,:less_than_or_equal_to => 100,:message => 'В поле "Количество" введите значение от 0 до 100.'}
end