Hi Phillip,

If your roles param is an array, you should tell strong parameters explicitly 
like this: 

  params[:user].permit(:id, :email, :password, :roles => [])

Excerpted from the doc:

 To declare that the value in params must be an array of permitted scalar 
values map the key to an empty array:

params.permit(:id => [])




On Tuesday, November 19, 2013 at 9:21 AM, Walter Lee Davis wrote:

> Okay, try this:
> 
> @user = User.new(params[:user].permit(:id, :email, :password, 
> :password_confirmation, :roles))
> 
> And if that doesn't do it, then I need to see the raw parameters from your 
> form submission (they will be in your console).
> 
> Walter
> 
> On Nov 18, 2013, at 6:00 PM, Phillip wrote:
> 
> > Just the users table, "role_mask" the one we want? Here is the users from 
> > schema.rb
> > 
> > create_table "users", force: true do |t|
> > t.string "email", default: "", null: false
> > t.string "encrypted_password", default: "", null: false
> > t.string "reset_password_token"
> > t.datetime "reset_password_sent_at"
> > t.datetime "remember_created_at"
> > t.integer "sign_in_count", default: 0, null: false
> > t.datetime "current_sign_in_at"
> > t.datetime "last_sign_in_at"
> > t.string "current_sign_in_ip"
> > t.string "last_sign_in_ip"
> > t.datetime "created_at"
> > t.datetime "updated_at"
> > t.integer "roles_mask"
> > end
> > 
> > 
> > 
> > On Monday, November 18, 2013 10:52:53 PM UTC, Walter Lee Davis wrote:
> > Okay, so now you know that strong parameters is the problem. Go into your 
> > schema, copy the entire table definition, and paste it here. This will be 
> > easy to fix, just have to see what the actual column name is that you need 
> > to whitelist. 
> > 
> > Don't just leave your controller like this, you are not safe. 
> > 
> > Walter 
> > 
> > On Nov 18, 2013, at 5:50 PM, Phillip wrote: 
> > 
> > > Yes! That works. Thanks Walter. 
> > > 
> > > (code now...) 
> > > def create 
> > > @user = User.new(params[:user].permit!) 
> > > 
> > > On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote: 
> > > Okay, try this (just to see if it saves at all): 
> > > 
> > > params[:user].permit! 
> > > 
> > > That turns off strong parameters entirely, so let's see if your value is 
> > > getting saved. 
> > > 
> > > Walter 
> > > 
> > > On Nov 18, 2013, at 4:41 PM, Phillip wrote: 
> > > 
> > > > Ah yes, in console I have a line(when creating a user) saying.... 
> > > > 
> > > > Unpermitted parameters: password_confirmation, roles 
> > > > 
> > > > 
> > > > I tried... 
> > > > 
> > > > def create 
> > > > @user = User.new(params[:user].permit(:id, :email, :password, 
> > > > :roles_mask)) 
> > > > ...etc... 
> > > > 
> > > > 
> > > > and... 
> > > > 
> > > > def create 
> > > > @user = User.new(params[:user].permit(:id, :email, :password, 
> > > > :roles_mask[:roles])) 
> > > > 
> > > > 
> > > > and.... 
> > > > 
> > > > def create 
> > > > @user = User.new(params[:user].permit(:id, :email, :password, :roles)) 
> > > > 
> > > > 
> > > > But none save the roles. The roles_mask col in the users table is an 
> > > > integer. It explains the process in the link mentioned on my first 
> > > > post. Using a "bitmask". 
> > > > 
> > > > On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote: 
> > > > Also, watch your console as you update, and see if there's a warning 
> > > > about illegal attributes not being saved. 
> > > > 
> > > > Walter 
> > > > 
> > > > On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote: 
> > > > 
> > > > > Aha. You have a method called roles, but you're storing this in 
> > > > > roles_mask? Which is a string? You should try adding roles_mask in 
> > > > > the strong parameters, I think. 
> > > > > 
> > > > > Walter 
> > > > > 
> > > > > 
> > > > > On Nov 18, 2013, at 3:50 PM, Phillip wrote: 
> > > > > 
> > > > > > Hi Walter, 
> > > > > > 
> > > > > > Thanks for reply. 
> > > > > > 
> > > > > > Yes I have added in roles, but perhaps I am doing it wrong? Here is 
> > > > > > my users controller for creating and updating... 
> > > > > > 
> > > > > > 
> > > > > > > def create
> > > > > > >   @user = User.new(params[:user].permit(:email, :password, :roles))
> > > > > > >   # authorize! :manage, @users
> > > > > > >
> > > > > > >   respond_to do |format|
> > > > > > >     if @user.save
> > > > > > >       format.html { redirect_to(@user, :notice => 'User was successfully created.') }
> > > > > > >       format.xml { render :xml => @user, :status => :created, :location => @user }
> > > > > > >     else
> > > > > > >       format.html { render :action => "new" }
> > > > > > >       format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
> > > > > > >     end
> > > > > > >   end
> > > > > > > end
> > > > > > >
> > > > > > > # PUT /users/1
> > > > > > > # PUT /users/1.xml
> > > > > > > def update
> > > > > > >   @user = User.find(params[:id])
> > > > > > >
> > > > > > >   respond_to do |format|
> > > > > > >     if @user.update(params[:user].permit(:email, :password, :roles))
> > > > > > >       format.html { redirect_to(@user, :notice => 'User was successfully updated.') }
> > > > > > >       format.xml { head :ok }
> > > > > > >     else
> > > > > > >       format.html { render :action => "edit" }
> > > > > > >       format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
> > > > > > >     end
> > > > > > >   end
> > > > > > > end
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote: 
> > > > > > Hi, 
> > > > > > 
> > > > > > (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. 
> > > > > > sqlite db for local development) 
> > > > > > 
> > > > > > I am a rookie, setting up website and was adding roles(using cancan 
> > > > > > gem) to my users table. Everything works great, except when I 
> > > > > > select a role for a user it is not getting saved. The user gets 
> > > > > > saved/created OK but it never updates/ remembers any roles assigned 
> > > > > > to the user. 
> > > > > > 
> > > > > > I was following the advice given here(Many roles per user). Any 
> > > > > > help or advice is most appreciated... 
> > > > > > 
> > > > > > https://github.com/ryanb/cancan/wiki/role-based-authorization 
> > > > > > 
> > > > > > Here is my users form... 
> > > > > > 
> > > > > > <%= form_for(@user) do |f| %> 
> > > > > > <div class="field"> 
> > > > > > <%= f.label :email %><br /> 
> > > > > > <%= f.text_field :email %> 
> > > > > > </div> 
> > > > > > <% if @current_method == "new" %> 
> > > > > > <div class="field"> 
> > > > > > <%= f.label :password %><br /> 
> > > > > > <%= f.password_field :password %> 
> > > > > > </div> 
> > > > > > <div class="field"> 
> > > > > > <%= f.label :password_confirmation %><br /> 
> > > > > > <%= f.password_field :password_confirmation %> 
> > > > > > </div> 
> > > > > > <% end %> 
> > > > > > <% for role in User::ROLES %> 
> > > > > > <%= check_box_tag "user[roles][#{role}]", role, 
> > > > > > @user.roles.include?(role), {:name => "user[roles][]"}%> 
> > > > > > <%= label_tag "user_roles_#{role}", role.humanize %><br /> 
> > > > > > <% end %> 
> > > > > > <%= hidden_field_tag "user[roles][]", "" %> 
> > > > > > <div class="actions"> 
> > > > > > <%= f.submit %> 
> > > > > > </div> 
> > > > > > <% end %> 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > # /app/model/user.rb 
> > > > > > 
> > > > > > class User < ActiveRecord::Base 
> > > > > > 
> > > > > > ROLES = %w[admin blog_author] 
> > > > > > 
> > > > > > def roles=(roles) 
> > > > > > > self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
> > > > > > end 
> > > > > > 
> > > > > > def roles 
> > > > > > ROLES.reject do |r| 
> > > > > > ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero? 
> > > > > > end 
> > > > > > end 
> > > > > > 
> > > > > > def is?(role) 
> > > > > > roles.include?(role.to_s) 
> > > > > > end 
> > > > > > 
> > > > > > # Include default devise modules. Others available are: 
> > > > > > # :confirmable, :lockable, :timeoutable and :omniauthable 
> > > > > > devise :database_authenticatable, :registerable, :recoverable, 
> > > > > > :rememberable, :trackable, :validatable 
> > > > > > end 
> > > > > > 
> > > > > > 
> > > > > > -- 
> > > > > > You received this message because you are subscribed to the Google 
> > > > > > Groups "Ruby on Rails: Talk" group. 
> > > > > > To unsubscribe from this group and stop receiving emails from it, 
> > > > > > send an email to rubyonrails-ta...@googlegroups.com 
> > > > > > (http://googlegroups.com). 
> > > > > > To post to this group, send email to rubyonra...@googlegroups.com 
> > > > > > (http://googlegroups.com). 
> > > > > > To view this discussion on the web visit 
> > > > > > https://groups.google.com/d/msgid/rubyonrails-talk/6b9fed85-e8c9-471d-a2ea-b9d223bf33a1%40googlegroups.com.
> > > > > >  
> > > > > > For more options, visit https://groups.google.com/groups/opt_out. 
> > > > > > 


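Added example, not part of the original thread: a plain-Ruby sketch of why the bare :roles key drops the checkbox array while :roles => [] lets it through, and what reaches the model when nothing is filtered. The permit helper here is a simplified stand-in for the strong parameters rule, not Rails' implementation; permit, DemoUser, FORM, roles_saved_with and unfiltered_roles are hypothetical names, and the form data is constructed.

```ruby
# Simplified model of the strong parameters rule (assumption, not Rails code):
# a bare key admits one scalar, `key => []` admits an array of scalars.
SCALARS = [String, Symbol, Integer, Float, TrueClass, FalseClass, NilClass].freeze

def permit(raw, *filters)
  scalar = ->(v) { SCALARS.any? { |t| v.is_a?(t) } }
  filters.each_with_object({}) do |filter, allowed|
    if filter.is_a?(Hash)
      filter.each do |key, shape|
        value = raw[key.to_s]
        # `key => []` admits only an array made up entirely of scalars
        allowed[key.to_s] = value if shape == [] && value.is_a?(Array) && value.all?(&scalar)
      end
    else
      value = raw[filter.to_s]
      # a bare key admits one scalar; arrays and hashes are dropped
      allowed[filter.to_s] = value if raw.key?(filter.to_s) && scalar.call(value)
    end
  end
end

# Roles bitmask as in the User model quoted in the thread, without ActiveRecord
class DemoUser
  ROLES = %w[admin blog_author].freeze
  attr_accessor :email, :roles_mask

  def initialize(attrs = {})
    attrs.each { |name, value| public_send("#{name}=", value) }
  end

  def roles=(roles)
    self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
  end

  def roles
    ROLES.reject { |r| (roles_mask.to_i & 2**ROLES.index(r)).zero? }
  end
end

# Constructed submission: one checked box, the hidden "" field, and an extra
# roles_mask key that the form never rendered
FORM = { "email" => "a@example.com", "roles" => ["blog_author", ""], "roles_mask" => "3" }.freeze

def roles_saved_with(*filters)
  DemoUser.new(permit(FORM, *filters)).roles
end

# Equivalent of permit!: every submitted key reaches the model unfiltered
def unfiltered_roles
  DemoUser.new(FORM).roles
end
```

With the array declaration only email and roles reach the model, so the mask is computed from the checked boxes; without any filter the extra roles_mask key overwrites it.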