Hi Phillip, If your roles param is an array, you should tell strong parameters explicitly like this:
params[:user].permit(:id, :email, :password, :roles => []) Excepted from the doc: To declare that the value in params must be an array of permitted scalar values map the key to an empty array: params.permit(:id => []) On Tuesday, November 19, 2013 at 9:21 AM, Walter Lee Davis wrote: > Okay, try this: > > @user = User.new(params[:user].permit(:id, :email, :password, > :password_confirmation, :roles)) > > And if that doesn't do it, then I need to see the raw parameters from your > form submission (they will be in your console). > > Walter > > On Nov 18, 2013, at 6:00 PM, Phillip wrote: > > > Just the users table, "role_mask" the one we want? Here is the users from > > schema.rb > > > > create_table "users", force: true do |t| > > t.string "email", default: "", null: false > > t.string "encrypted_password", default: "", null: false > > t.string "reset_password_token" > > t.datetime "reset_password_sent_at" > > t.datetime "remember_created_at" > > t.integer "sign_in_count", default: 0, null: false > > t.datetime "current_sign_in_at" > > t.datetime "last_sign_in_at" > > t.string "current_sign_in_ip" > > t.string "last_sign_in_ip" > > t.datetime "created_at" > > t.datetime "updated_at" > > t.integer "roles_mask" > > end > > > > > > > > On Monday, November 18, 2013 10:52:53 PM UTC, Walter Lee Davis wrote: > > Okay, so now you know that strong parameters is the problem. Go into your > > schema, copy the entire table definition, and paste it here. This will be > > easy to fix, just have to see what the actual column name is that you need > > to whitelist. > > > > Don't just leave your controller like this, you are not safe. > > > > Walter > > > > On Nov 18, 2013, at 5:50 PM, Phillip wrote: > > > > > Yes! That works. Thanks Walter. > > > > > > (code now...) > > > def create > > > @user = User.new(params[:user].permit!) > > > > > > On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote: > > > Okay, try this (just to see if it saves at all): > > > > > > params[:user].permit! > > > > > > That turns off strong parameters entirely, so let's see if your value is > > > getting saved. > > > > > > Walter > > > > > > On Nov 18, 2013, at 4:41 PM, Phillip wrote: > > > > > > > Ah yes, in console I have a line(when creating a user) saying.... > > > > > > > > Unpermitted parameters: password_confirmation, roles > > > > > > > > > > > > I tried... > > > > > > > > def create > > > > @user = User.new(params[:user].permit(:id, :email, :password, > > > > :roles_mask)) > > > > ...etc... > > > > > > > > > > > > and... > > > > > > > > def create > > > > @user = User.new(params[:user].permit(:id, :email, :password, > > > > :roles_mask[:roles])) > > > > > > > > > > > > and.... > > > > > > > > def create > > > > @user = User.new(params[:user].permit(:id, :email, :password, :roles)) > > > > > > > > > > > > But none save the roles. The roles_mask col in the users table is an > > > > integer. It explains the process in the link mentioned on my first > > > > post. Using a "bitmask". > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote: > > > > Also, watch your console as you update, and see if there's a warning > > > > about illegal attributes not being saved. > > > > > > > > Walter > > > > > > > > On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote: > > > > > > > > > Aha. You have a method called roles, but you're storing this in > > > > > roles_mask? Which is a string? You should try adding roles_mask in > > > > > the strong parameters, I think. > > > > > > > > > > Walter > > > > > > > > > > > > > > > On Nov 18, 2013, at 3:50 PM, Phillip wrote: > > > > > > > > > > > Hi Walter, > > > > > > > > > > > > Thanks for reply. > > > > > > > > > > > > Yes I have added in roles, but perhaps I am doing it wrong? Here is > > > > > > my users controller for creating and updating... > > > > > > > > > > > > > > > > > > def create > > > > > > @user = User.new(params[:user].permit(:email, :password, :roles)) > > > > > > # authorize! :manage, @users > > > > > > > > > > > > respond_to do |format| > > > > > > if @user.save > > > > > > format.html { redirect_to(@user, :notice => 'User was successfully > > > > > > created.') } > > > > > > format.xml { render :xml => @user, :status => :created, :location > > > > > > => @user } > > > > > > else > > > > > > format.html { render :action => "new" } > > > > > > format.xml { render :xml => @user.errors, :status => > > > > > > :unprocessable_entity } > > > > > > end > > > > > > end > > > > > > end > > > > > > > > > > > > # PUT /users/1 > > > > > > # PUT /users/1.xml > > > > > > def update > > > > > > @user = User.find(params[:id]) > > > > > > > > > > > > respond_to do |format| > > > > > > if @user.update(params[:user].permit(:email, :password, :roles)) > > > > > > format.html { redirect_to(@user, :notice => 'User was successfully > > > > > > updated.') } > > > > > > format.xml { head :ok } > > > > > > else > > > > > > format.html { render :action => "edit" } > > > > > > format.xml { render :xml => @user.errors, :status => > > > > > > :unprocessable_entity } > > > > > > end > > > > > > end > > > > > > end > > > > > > > > > > > > > > > > > > > > > > > > On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote: > > > > > > Hi, > > > > > > > > > > > > (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. > > > > > > sqlite db for local development) > > > > > > > > > > > > I am a rookie, setting up website and was adding roles(using cancan > > > > > > gem) to my users table. Everything works great, except when I > > > > > > select a role for a user it is not getting saved. The user gets > > > > > > saved/created OK but it never updates/ remembers any roles assigned > > > > > > to the user. > > > > > > > > > > > > I was following the advice given here(Many roles per user). Any > > > > > > help or advice is most appreciated... > > > > > > > > > > > > https://github.com/ryanb/cancan/wiki/role-based-authorization > > > > > > > > > > > > Here is my users form... > > > > > > > > > > > > <%= form_for(@user) do |f| %> > > > > > > <div class="field"> > > > > > > <%= f.label :email %><br /> > > > > > > <%= f.text_field :email %> > > > > > > </div> > > > > > > <% if @current_method == "new" %> > > > > > > <div class="field"> > > > > > > <%= f.label :password %><br /> > > > > > > <%= f.password_field :password %> > > > > > > </div> > > > > > > <div class="field"> > > > > > > <%= f.label :password_confirmation %><br /> > > > > > > <%= f.password_field :password_confirmation %> > > > > > > </div> > > > > > > <% end %> > > > > > > <% for role in User::ROLES %> > > > > > > <%= check_box_tag "user[roles][#{role}]", role, > > > > > > @user.roles.include?(role), {:name => "user[roles][]"}%> > > > > > > <%= label_tag "user_roles_#{role}", role.humanize %><br /> > > > > > > <% end %> > > > > > > <%= hidden_field_tag "user[roles][]", "" %> > > > > > > <div class="actions"> > > > > > > <%= f.submit %> > > > > > > </div> > > > > > > <% end %> > > > > > > > > > > > > > > > > > > > > > > > > # /app/model/user.rb > > > > > > > > > > > > class User < ActiveRecord::Base > > > > > > > > > > > > ROLES = %w[admin blog_author] > > > > > > > > > > > > def roles=(roles) > > > > > > self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) > > > > > > }.inject(0, :+) > > > > > > end > > > > > > > > > > > > def roles > > > > > > ROLES.reject do |r| > > > > > > ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero? > > > > > > end > > > > > > end > > > > > > > > > > > > def is?(role) > > > > > > roles.include?(role.to_s) > > > > > > end > > > > > > > > > > > > # Include default devise modules. Others available are: > > > > > > # :confirmable, :lockable, :timeoutable and :omniauthable > > > > > > devise :database_authenticatable, :registerable, :recoverable, > > > > > > :rememberable, :trackable, :validatable > > > > > > end > > > > > > > > > > > > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > > > > Groups "Ruby on Rails: Talk" group. > > > > > > To unsubscribe from this group and stop receiving emails from it, > > > > > > send an email to rubyonrails-ta...@googlegroups.com > > > > > > (http://googlegroups.com). > > > > > > To post to this group, send email to rubyonra...@googlegroups.com > > > > > > (http://googlegroups.com). > > > > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/rubyonrails-talk/6b9fed85-e8c9-471d-a2ea-b9d223bf33a1%40googlegroups.com. > > > > > > > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > > > > > > > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > > Groups "Ruby on Rails: Talk" group. > > > > > To unsubscribe from this group and stop receiving emails from it, > > > > > send an email to rubyonrails-ta...@googlegroups.com > > > > > (http://googlegroups.com). > > > > > To post to this group, send email to rubyonra...@googlegroups.com > > > > > (http://googlegroups.com). > > > > > To view this discussion on the web visit > > > > > https://groups.google.com/d/msgid/rubyonrails-talk/06C8EADD-E307-4517-A2C3-E53FA54172B2%40wdstudio.com. > > > > > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > > > > > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Ruby on Rails: Talk" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an email to rubyonrails-ta...@googlegroups.com > > > > (http://googlegroups.com). > > > > To post to this group, send email to rubyonra...@googlegroups.com > > > > (http://googlegroups.com). > > > > To view this discussion on the web visit > > > > https://groups.google.com/d/msgid/rubyonrails-talk/0021820d-a9f3-4874-a9a0-4a2d9a883408%40googlegroups.com. > > > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Ruby on Rails: Talk" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to rubyonrails-ta...@googlegroups.com (http://googlegroups.com). > > > To post to this group, send email to rubyonra...@googlegroups.com > > > (http://googlegroups.com). > > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/rubyonrails-talk/9857f35c-6fe9-4fe5-ae7d-ca446577e94f%40googlegroups.com. > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ruby on Rails: Talk" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to rubyonrails-talk+unsubscr...@googlegroups.com > > (mailto:rubyonrails-talk+unsubscr...@googlegroups.com). > > To post to this group, send email to rubyonrails-talk@googlegroups.com > > (mailto:rubyonrails-talk@googlegroups.com). > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/rubyonrails-talk/962437f6-9663-4ff0-b0a2-8f950d590938%40googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscr...@googlegroups.com > (mailto:rubyonrails-talk+unsubscr...@googlegroups.com). > To post to this group, send email to rubyonrails-talk@googlegroups.com > (mailto:rubyonrails-talk@googlegroups.com). > To view this discussion on the web visit > https://groups.google.com/d/msgid/rubyonrails-talk/B8F6D9B6-1823-4B3C-A443-30F3D922C4DF%40wdstudio.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/DE9FECB77E434DBAA53314B7666EBF41%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.