Yes that has it working now! The world is beautiful again. Walter, Derrick, I can get phase one up and running thanks to this. Thanks a million guys!
On Tuesday, November 19, 2013 1:26:45 AM UTC, Derrick Zhang wrote:
>
> Hi Phillip,
>
> If your roles param is an array, you should tell strong parameters
> explicitly like this:
>
> params[:user].permit(:id, :email, :password, :roles => [])
>
> Excerpted from the doc:
>
> To declare that the value in params must be an array of permitted scalar
> values map the key to an empty array:
>
> params.permit(:id => [])
>
> On Tuesday, November 19, 2013 at 9:21 AM, Walter Lee Davis wrote:
>
> Okay, try this:
>
> @user = User.new(params[:user].permit(:id, :email, :password, :password_confirmation, :roles))
>
> And if that doesn't do it, then I need to see the raw parameters from your
> form submission (they will be in your console).
>
> Walter
>
> On Nov 18, 2013, at 6:00 PM, Phillip wrote:
>
> Just the users table, "role_mask" the one we want? Here is the users from
> schema.rb
>
> create_table "users", force: true do |t|
>   t.string "email", default: "", null: false
>   t.string "encrypted_password", default: "", null: false
>   t.string "reset_password_token"
>   t.datetime "reset_password_sent_at"
>   t.datetime "remember_created_at"
>   t.integer "sign_in_count", default: 0, null: false
>   t.datetime "current_sign_in_at"
>   t.datetime "last_sign_in_at"
>   t.string "current_sign_in_ip"
>   t.string "last_sign_in_ip"
>   t.datetime "created_at"
>   t.datetime "updated_at"
>   t.integer "roles_mask"
> end
>
> On Monday, November 18, 2013 10:52:53 PM UTC, Walter Lee Davis wrote:
> Okay, so now you know that strong parameters is the problem. Go into your
> schema, copy the entire table definition, and paste it here. This will be
> easy to fix, just have to see what the actual column name is that you need
> to whitelist.
>
> Don't just leave your controller like this, you are not safe.
>
> Walter
>
> On Nov 18, 2013, at 5:50 PM, Phillip wrote:
>
> Yes! That works. Thanks Walter.
>
> (code now...)
> def create
>   @user = User.new(params[:user].permit!)
>
> On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote:
> Okay, try this (just to see if it saves at all):
>
> params[:user].permit!
>
> That turns off strong parameters entirely, so let's see if your value is
> getting saved.
>
> Walter
>
> On Nov 18, 2013, at 4:41 PM, Phillip wrote:
>
> Ah yes, in console I have a line (when creating a user) saying....
>
> Unpermitted parameters: password_confirmation, roles
>
> I tried...
>
> def create
>   @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask))
> ...etc...
>
> and...
>
> def create
>   @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask[:roles]))
>
> and....
>
> def create
>   @user = User.new(params[:user].permit(:id, :email, :password, :roles))
>
> But none save the roles. The roles_mask col in the users table is an
> integer. It explains the process in the link mentioned on my first post.
> Using a "bitmask".
>
> On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote:
> Also, watch your console as you update, and see if there's a warning about
> illegal attributes not being saved.
>
> Walter
>
> On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote:
>
> Aha. You have a method called roles, but you're storing this in
> roles_mask? Which is a string? You should try adding roles_mask in the
> strong parameters, I think.
>
> Walter
>
> On Nov 18, 2013, at 3:50 PM, Phillip wrote:
>
> Hi Walter,
>
> Thanks for reply.
>
> Yes I have added in roles, but perhaps I am doing it wrong? Here is my
> users controller for creating and updating...
>
> def create
>   @user = User.new(params[:user].permit(:email, :password, :roles))
>   # authorize! :manage, @users
>
>   respond_to do |format|
>     if @user.save
>       format.html { redirect_to(@user, :notice => 'User was successfully created.') }
>       format.xml { render :xml => @user, :status => :created, :location => @user }
>     else
>       format.html { render :action => "new" }
>       format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
>     end
>   end
> end
>
> # PUT /users/1
> # PUT /users/1.xml
> def update
>   @user = User.find(params[:id])
>
>   respond_to do |format|
>     if @user.update(params[:user].permit(:email, :password, :roles))
>       format.html { redirect_to(@user, :notice => 'User was successfully updated.') }
>       format.xml { head :ok }
>     else
>       format.html { render :action => "edit" }
>       format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
>     end
>   end
> end
>
> On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote:
> Hi,
>
> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite db
> for local development)
>
> I am a rookie, setting up website and was adding roles (using cancan gem)
> to my users table. Everything works great, except when I select a role for
> a user it is not getting saved. The user gets saved/created OK but it never
> updates/remembers any roles assigned to the user.
>
> I was following the advice given here (Many roles per user). Any help or
> advice is most appreciated...
>
> https://github.com/ryanb/cancan/wiki/role-based-authorization
>
> Here is my users form...
>
> <%= form_for(@user) do |f| %>
>   <div class="field">
>     <%= f.label :email %><br />
>     <%= f.text_field :email %>
>   </div>
>   <% if @current_method == "new" %>
>     <div class="field">
>       <%= f.label :password %><br />
>       <%= f.password_field :password %>
>     </div>
>     <div class="field">
>       <%= f.label :password_confirmation %><br />
>       <%= f.password_field :password_confirmation %>
>     </div>
>   <% end %>
>   <% for role in User::ROLES %>
>     <%= check_box_tag "user[roles][#{role}]", role, @user.roles.include?(role), {:name => "user[roles][]"}%>
>     <%= label_tag "user_roles_#{role}", role.humanize %><br />
>   <% end %>
>   <%= hidden_field_tag "user[roles][]", "" %>
>   <div class="actions">
>     <%= f.submit %>
>   </div>
> <% end %>
>
> # /app/model/user.rb
>
> class User < ActiveRecord::Base
>
>   ROLES = %w[admin blog_author]
>
>   def roles=(roles)
>     self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
>   end
>
>   def roles
>     ROLES.reject do |r|
>       ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero?
>     end
>   end
>
>   def is?(role)
>     roles.include?(role.to_s)
>   end
>
>   # Include default devise modules. Others available are:
>   # :confirmable, :lockable, :timeoutable and :omniauthable
>   devise :database_authenticatable, :registerable, :recoverable,
>          :rememberable, :trackable, :validatable
> end
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rubyonrails-talk/6b9fed85-e8c9-471d-a2ea-b9d223bf33a1%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
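
The difference between `permit(:roles)` and `permit(:roles => [])` discussed in this thread, as an added example that is not part of the original messages and is not Rails code: `permit` here is a hypothetical pure-Ruby stand-in that models only the scalar-versus-array rule, and the submitted hash is constructed. It also shows the allow-list dropping a key the form never renders, which `permit!` would not do.

```ruby
# Added illustration, not Rails code: `permit` is a hypothetical stand-in that
# models only the scalar-vs-array rule of strong parameters.
ROLES = %w[admin blog_author].freeze # role list from the thread's User model
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

def scalar?(value)
  SCALARS.any? { |klass| value.is_a?(klass) }
end

# A bare key permits one scalar; `key => []` permits an array of scalars.
# Anything not listed, or of the wrong shape, is dropped.
def permit(params, *filters)
  filters.each_with_object({}) do |filter, allowed|
    if filter.is_a?(Hash)
      filter.each_key do |key|
        value = params[key.to_s]
        allowed[key.to_s] = value if value.is_a?(Array) && value.all? { |v| scalar?(v) }
      end
    elsif params.key?(filter.to_s) && scalar?(params[filter.to_s])
      allowed[filter.to_s] = params[filter.to_s]
    end
  end
end

# Same bitmask arithmetic as the `roles=` setter quoted in the thread.
def roles_to_mask(roles)
  (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
end

# Constructed submission: the checkbox form sends roles as an array (the hidden
# field adds ""), and "roles_mask" stands for a key the form never renders.
SUBMITTED = {
  "email" => "user@example.com",
  "password" => "constructed-password",
  "password_confirmation" => "constructed-password",
  "roles" => ["blog_author", ""],
  "roles_mask" => "3"
}.freeze

def compare_filters(params = SUBMITTED)
  {
    scalar_decl: permit(params, :email, :password, :roles),
    array_decl: permit(params, :email, :password, :password_confirmation, roles: [])
  }
end

result = compare_filters
puts "permit(:roles)       keeps: #{result[:scalar_decl].keys.inspect}"
puts "permit(:roles => []) keeps: #{result[:array_decl].keys.inspect}"
puts "roles_mask from permitted roles: #{roles_to_mask(result[:array_decl]['roles'])}"
```

In Rails itself the dropped keys are what the "Unpermitted parameters" console line quoted in the thread reports.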