Okay, so now you know that strong parameters is the problem. Go into your
schema, copy the entire table definition, and paste it here. This will be easy
to fix, just have to see what the actual column name is that you need to
whitelist.
Don't just leave your controller like this, you are not safe.
Walter
On Nov 18, 2013, at 5:50 PM, Phillip wrote:
> Yes! That works. Thanks Walter.
>
> (code now...)
> def create
> @user = User.new(params[:user].permit!)
>
> On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote:
> Okay, try this (just to see if it saves at all):
>
> params[:user].permit!
>
> That turns off strong parameters entirely, so let's see if your value is
> getting saved.
>
> Walter
>
> On Nov 18, 2013, at 4:41 PM, Phillip wrote:
>
> > Ah yes, in console I have a line(when creating a user) saying....
> >
> > Unpermitted parameters: password_confirmation, roles
> >
> >
> > I tried...
> >
> > def create
> > @user = User.new(params[:user].permit(:id, :email, :password,
> > :roles_mask))
> > ...etc...
> >
> >
> > and...
> >
> > def create
> > @user = User.new(params[:user].permit(:id, :email, :password,
> > :roles_mask[:roles]))
> >
> >
> > and....
> >
> > def create
> > @user = User.new(params[:user].permit(:id, :email, :password, :roles))
> >
> >
> > But none save the roles. The roles_mask col in the users table is an
> > integer. It explains the process in the link mentioned on my first post.
> > Using a "bitmask".
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote:
> > Also, watch your console as you update, and see if there's a warning about
> > illegal attributes not being saved.
> >
> > Walter
> >
> > On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote:
> >
> > > Aha. You have a method called roles, but you're storing this in
> > > roles_mask? Which is a string? You should try adding roles_mask in the
> > > strong parameters, I think.
> > >
> > > Walter
> > >
> > >
> > > On Nov 18, 2013, at 3:50 PM, Phillip wrote:
> > >
> > >> Hi Walter,
> > >>
> > >> Thanks for reply.
> > >>
> > >> Yes I have added in roles, but perhaps I am doing it wrong? Here is my
> > >> users controller for creating and updating...
> > >>
> > >>
> > >> def create
> > >> @user = User.new(params[:user].permit(:email, :password, :roles))
> > >> # authorize! :manage, @users
> > >>
> > >> respond_to do |format|
> > >> if @user.save
> > >> format.html { redirect_to(@user, :notice => 'User was
> > >> successfully created.') }
> > >> format.xml { render :xml => @user, :status => :created,
> > >> :location => @user }
> > >> else
> > >> format.html { render :action => "new" }
> > >> format.xml { render :xml => @user.errors, :status =>
> > >> :unprocessable_entity }
> > >> end
> > >> end
> > >> end
> > >>
> > >> # PUT /users/1
> > >> # PUT /users/1.xml
> > >> def update
> > >> @user = User.find(params[:id])
> > >>
> > >> respond_to do |format|
> > >> if @user.update(params[:user].permit(:email, :password, :roles))
> > >> format.html { redirect_to(@user, :notice => 'User was
> > >> successfully updated.') }
> > >> format.xml { head :ok }
> > >> else
> > >> format.html { render :action => "edit" }
> > >> format.xml { render :xml => @user.errors, :status =>
> > >> :unprocessable_entity }
> > >> end
> > >> end
> > >> end
> > >>
> > >>
> > >>
> > >> On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote:
> > >> Hi,
> > >>
> > >> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite db
> > >> for local development)
> > >>
> > >> I am a rookie, setting up website and was adding roles(using cancan gem)
> > >> to my users table. Everything works great, except when I select a role
> > >> for a user it is not getting saved. The user gets saved/created OK but
> > >> it never updates/ remembers any roles assigned to the user.
> > >>
> > >> I was following the advice given here(Many roles per user). Any help or
> > >> advice is most appreciated...
> > >>
> > >> https://github.com/ryanb/cancan/wiki/role-based-authorization
> > >>
> > >> Here is my users form...
> > >>
> > >> <%= form_for(@user) do |f| %>
> > >> <div class="field">
> > >> <%= f.label :email %><br />
> > >> <%= f.text_field :email %>
> > >> </div>
> > >> <% if @current_method == "new" %>
> > >> <div class="field">
> > >> <%= f.label :password %><br />
> > >> <%= f.password_field :password %>
> > >> </div>
> > >> <div class="field">
> > >> <%= f.label :password_confirmation %><br />
> > >> <%= f.password_field :password_confirmation %>
> > >> </div>
> > >> <% end %>
> > >> <% for role in User::ROLES %>
> > >> <%= check_box_tag "user[roles][#{role}]", role,
> > >> @user.roles.include?(role), {:name => "user[roles][]"}%>
> > >> <%= label_tag "user_roles_#{role}", role.humanize %><br />
> > >> <% end %>
> > >> <%= hidden_field_tag "user[roles][]", "" %>
> > >> <div class="actions">
> > >> <%= f.submit %>
> > >> </div>
> > >> <% end %>
> > >>
> > >>
> > >>
> > >> # /app/model/user.rb
> > >>
> > >> class User < ActiveRecord::Base
> > >>
> > >> ROLES = %w[admin blog_author]
> > >>
> > >> def roles=(roles)
> > >> self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r)
> > >> }.inject(0, :+)
> > >> end
> > >>
> > >> def roles
> > >> ROLES.reject do |r|
> > >> ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero?
> > >> end
> > >> end
> > >>
> > >> def is?(role)
> > >> roles.include?(role.to_s)
> > >> end
> > >>
> > >> # Include default devise modules. Others available are:
> > >> # :confirmable, :lockable, :timeoutable and :omniauthable
> > >> devise :database_authenticatable, :registerable, :recoverable,
> > >> :rememberable, :trackable, :validatable
> > >> end
> > >>
> > >>
> > >> --
> > >> You received this message because you are subscribed to the Google
> > >> Groups "Ruby on Rails: Talk" group.
> > >> To unsubscribe from this group and stop receiving emails from it, send
> > >> an email to rubyonrails-ta...@googlegroups.com.
> > >> To post to this group, send email to rubyonra...@googlegroups.com.
> > >> To view this discussion on the web visit
> > >> https://groups.google.com/d/msgid/rubyonrails-talk/6b9fed85-e8c9-471d-a2ea-b9d223bf33a1%40googlegroups.com.
> > >>
> > >> For more options, visit https://groups.google.com/groups/opt_out.
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "Ruby on Rails: Talk" group.
> > > To unsubscribe from this group and stop receiving emails from it, send an
> > > email to rubyonrails-ta...@googlegroups.com.
> > > To post to this group, send email to rubyonra...@googlegroups.com.
> > > To view this discussion on the web visit
> > > https://groups.google.com/d/msgid/rubyonrails-talk/06C8EADD-E307-4517-A2C3-E53FA54172B2%40wdstudio.com.
> > >
> > > For more options, visit https://groups.google.com/groups/opt_out.
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Ruby on Rails: Talk" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to rubyonrails-ta...@googlegroups.com.
> > To post to this group, send email to rubyonra...@googlegroups.com.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/rubyonrails-talk/0021820d-a9f3-4874-a9a0-4a2d9a883408%40googlegroups.com.
> >
> > For more options, visit https://groups.google.com/groups/opt_out.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rubyonrails-talk+unsubscr...@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rubyonrails-talk/9857f35c-6fe9-4fe5-ae7d-ca446577e94f%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to rubyonrails-talk+unsubscr...@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/A03A30B2-3ED6-49F4-AA4D-26B2F14A1C15%40wdstudio.com.
For more options, visit https://groups.google.com/groups/opt_out.
