Strong Parameters & nested attributes don't forget [:id, '_destroy']

Don't forget to place [:id, '_destroy'] in the permit

Eg

Model

class User < Activerecord::Base
  accepts_nested_attributes_for :user_roles, :allow_destroy => true
  has_many :roles, :through => :user_roles
end

Controller

def update
 if @user.update_attributes(user_params)
 #your code here
end
end

private

def user_params
    params.require(:user).permit(:name, user_roles_attributes: [:role_id,:id, '_destroy'])  
end