Okay, try this: @user = User.new(params[:user].permit(:id, :email, :password, :password_confirmation, :roles))
And if that doesn't do it, then I need to see the raw parameters from your form submission (they will be in your console). Walter On Nov 18, 2013, at 6:00 PM, Phillip wrote: > Just the users table, "role_mask" the one we want? Here is the users from > schema.rb > > create_table "users", force: true do |t| > t.string "email", default: "", null: false > t.string "encrypted_password", default: "", null: false > t.string "reset_password_token" > t.datetime "reset_password_sent_at" > t.datetime "remember_created_at" > t.integer "sign_in_count", default: 0, null: false > t.datetime "current_sign_in_at" > t.datetime "last_sign_in_at" > t.string "current_sign_in_ip" > t.string "last_sign_in_ip" > t.datetime "created_at" > t.datetime "updated_at" > t.integer "roles_mask" > end > > > > On Monday, November 18, 2013 10:52:53 PM UTC, Walter Lee Davis wrote: > Okay, so now you know that strong parameters is the problem. Go into your > schema, copy the entire table definition, and paste it here. This will be > easy to fix, just have to see what the actual column name is that you need to > whitelist. > > Don't just leave your controller like this, you are not safe. > > Walter > > On Nov 18, 2013, at 5:50 PM, Phillip wrote: > > > Yes! That works. Thanks Walter. > > > > (code now...) > > def create > > @user = User.new(params[:user].permit!) > > > > On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote: > > Okay, try this (just to see if it saves at all): > > > > params[:user].permit! > > > > That turns off strong parameters entirely, so let's see if your value is > > getting saved. > > > > Walter > > > > On Nov 18, 2013, at 4:41 PM, Phillip wrote: > > > > > Ah yes, in console I have a line(when creating a user) saying.... > > > > > > Unpermitted parameters: password_confirmation, roles > > > > > > > > > I tried... > > > > > > def create > > > @user = User.new(params[:user].permit(:id, :email, :password, > > > :roles_mask)) > > > ...etc... > > > > > > > > > and... > > > > > > def create > > > @user = User.new(params[:user].permit(:id, :email, :password, > > > :roles_mask[:roles])) > > > > > > > > > and.... > > > > > > def create > > > @user = User.new(params[:user].permit(:id, :email, :password, > > > :roles)) > > > > > > > > > But none save the roles. The roles_mask col in the users table is an > > > integer. It explains the process in the link mentioned on my first post. > > > Using a "bitmask". > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote: > > > Also, watch your console as you update, and see if there's a warning > > > about illegal attributes not being saved. > > > > > > Walter > > > > > > On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote: > > > > > > > Aha. You have a method called roles, but you're storing this in > > > > roles_mask? Which is a string? You should try adding roles_mask in the > > > > strong parameters, I think. > > > > > > > > Walter > > > > > > > > > > > > On Nov 18, 2013, at 3:50 PM, Phillip wrote: > > > > > > > >> Hi Walter, > > > >> > > > >> Thanks for reply. > > > >> > > > >> Yes I have added in roles, but perhaps I am doing it wrong? Here is my > > > >> users controller for creating and updating... > > > >> > > > >> > > > >> def create > > > >> @user = User.new(params[:user].permit(:email, :password, :roles)) > > > >> # authorize! :manage, @users > > > >> > > > >> respond_to do |format| > > > >> if @user.save > > > >> format.html { redirect_to(@user, :notice => 'User was > > > >> successfully created.') } > > > >> format.xml { render :xml => @user, :status => :created, > > > >> :location => @user } > > > >> else > > > >> format.html { render :action => "new" } > > > >> format.xml { render :xml => @user.errors, :status => > > > >> :unprocessable_entity } > > > >> end > > > >> end > > > >> end > > > >> > > > >> # PUT /users/1 > > > >> # PUT /users/1.xml > > > >> def update > > > >> @user = User.find(params[:id]) > > > >> > > > >> respond_to do |format| > > > >> if @user.update(params[:user].permit(:email, :password, :roles)) > > > >> format.html { redirect_to(@user, :notice => 'User was > > > >> successfully updated.') } > > > >> format.xml { head :ok } > > > >> else > > > >> format.html { render :action => "edit" } > > > >> format.xml { render :xml => @user.errors, :status => > > > >> :unprocessable_entity } > > > >> end > > > >> end > > > >> end > > > >> > > > >> > > > >> > > > >> On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote: > > > >> Hi, > > > >> > > > >> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite > > > >> db for local development) > > > >> > > > >> I am a rookie, setting up website and was adding roles(using cancan > > > >> gem) to my users table. Everything works great, except when I select a > > > >> role for a user it is not getting saved. The user gets saved/created > > > >> OK but it never updates/ remembers any roles assigned to the user. > > > >> > > > >> I was following the advice given here(Many roles per user). Any help > > > >> or advice is most appreciated... > > > >> > > > >> https://github.com/ryanb/cancan/wiki/role-based-authorization > > > >> > > > >> Here is my users form... > > > >> > > > >> <%= form_for(@user) do |f| %> > > > >> <div class="field"> > > > >> <%= f.label :email %><br /> > > > >> <%= f.text_field :email %> > > > >> </div> > > > >> <% if @current_method == "new" %> > > > >> <div class="field"> > > > >> <%= f.label :password %><br /> > > > >> <%= f.password_field :password %> > > > >> </div> > > > >> <div class="field"> > > > >> <%= f.label :password_confirmation %><br /> > > > >> <%= f.password_field :password_confirmation %> > > > >> </div> > > > >> <% end %> > > > >> <% for role in User::ROLES %> > > > >> <%= check_box_tag "user[roles][#{role}]", role, > > > >> @user.roles.include?(role), {:name => "user[roles][]"}%> > > > >> <%= label_tag "user_roles_#{role}", role.humanize %><br /> > > > >> <% end %> > > > >> <%= hidden_field_tag "user[roles][]", "" %> > > > >> <div class="actions"> > > > >> <%= f.submit %> > > > >> </div> > > > >> <% end %> > > > >> > > > >> > > > >> > > > >> # /app/model/user.rb > > > >> > > > >> class User < ActiveRecord::Base > > > >> > > > >> ROLES = %w[admin blog_author] > > > >> > > > >> def roles=(roles) > > > >> self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) > > > >> }.inject(0, :+) > > > >> end > > > >> > > > >> def roles > > > >> ROLES.reject do |r| > > > >> ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero? > > > >> end > > > >> end > > > >> > > > >> def is?(role) > > > >> roles.include?(role.to_s) > > > >> end > > > >> > > > >> # Include default devise modules. Others available are: > > > >> # :confirmable, :lockable, :timeoutable and :omniauthable > > > >> devise :database_authenticatable, :registerable, :recoverable, > > > >> :rememberable, :trackable, :validatable > > > >> end > > > >> > > > >> > > > >> -- > > > >> You received this message because you are subscribed to the Google > > > >> Groups "Ruby on Rails: Talk" group. > > > >> To unsubscribe from this group and stop receiving emails from it, send > > > >> an email to rubyonrails-ta...@googlegroups.com. > > > >> To post to this group, send email to rubyonra...@googlegroups.com. > > > >> To view this discussion on the web visit > > > >> https://groups.google.com/d/msgid/rubyonrails-talk/6b9fed85-e8c9-471d-a2ea-b9d223bf33a1%40googlegroups.com. > > > >> > > > >> For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Ruby on Rails: Talk" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an email to rubyonrails-ta...@googlegroups.com. > > > > To post to this group, send email to rubyonra...@googlegroups.com. > > > > To view this discussion on the web visit > > > > https://groups.google.com/d/msgid/rubyonrails-talk/06C8EADD-E307-4517-A2C3-E53FA54172B2%40wdstudio.com. > > > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Ruby on Rails: Talk" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to rubyonrails-ta...@googlegroups.com. > > > To post to this group, send email to rubyonra...@googlegroups.com. > > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/rubyonrails-talk/0021820d-a9f3-4874-a9a0-4a2d9a883408%40googlegroups.com. > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ruby on Rails: Talk" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to rubyonrails-ta...@googlegroups.com. > > To post to this group, send email to rubyonra...@googlegroups.com. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/rubyonrails-talk/9857f35c-6fe9-4fe5-ae7d-ca446577e94f%40googlegroups.com. > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscr...@googlegroups.com. > To post to this group, send email to rubyonrails-talk@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/rubyonrails-talk/962437f6-9663-4ff0-b0a2-8f950d590938%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/B8F6D9B6-1823-4B3C-A443-30F3D922C4DF%40wdstudio.com. For more options, visit https://groups.google.com/groups/opt_out.