Hi,

(Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite db for local development)

I am a rookie, setting up website and was adding roles(using cancan gem) to my users table. Everything works great, except when I select a role for a user it is not getting saved. The user gets saved/created OK but it never updates/ remembers any roles assigned to the user.

I was following the advice given here(Many roles per user). Any help or advice is most appreciated...

https://github.com/ryanb/cancan/wiki/role-based-authorization

Here is my users form...

    <%= form_for(@user) do |f| %>
      <div class="field">
        <%= f.label :email %><br />
        <%= f.text_field :email %>
      </div>
      <% if @current_method == "new" %>
        <div class="field">
          <%= f.label :password %><br />
          <%= f.password_field :password %>
        </div>
        <div class="field">
          <%= f.label :password_confirmation %><br />
          <%= f.password_field :password_confirmation %>
        </div>
      <% end %>
      <% for role in User::ROLES %>
        <%= check_box_tag "user[roles][#{role}]", role, @user.roles.include?(role), {:name => "user[roles][]"}%>
        <%= label_tag "user_roles_#{role}", role.humanize %><br />
      <% end %>
      <%= hidden_field_tag "user[roles][]", "" %>
      <div class="actions">
        <%= f.submit %>
      </div>
    <% end %>

    # /app/model/user.rb

    class User < ActiveRecord::Base

      ROLES = %w[admin blog_author]

      def roles=(roles)
        self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
      end

      def roles
        ROLES.reject do |r|
          ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero?
        end
      end

      def is?(role)
        roles.include?(role.to_s)
      end

      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable
    end

On Nov 18, 2013, at 2:03 PM, Phillip wrote:

> Hi,
>
> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite db for local development)

Just a guess here -- have you updated your strong parameters declaration in the users_controller to include the roles field?

Walter

Hi Walter,

Thanks for reply.

Yes I have added in roles, but perhaps I am doing it wrong? Here is my users controller for creating and updating...

    def create
      @user = User.new(params[:user].permit(:email, :password, :roles))
      # authorize! :manage, @users

      respond_to do |format|
        if @user.save
          format.html { redirect_to(@user, :notice => 'User was successfully created.') }
          format.xml  { render :xml => @user, :status => :created, :location => @user }
        else
          format.html { render :action => "new" }
          format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
        end
      end
    end

    # PUT /users/1
    # PUT /users/1.xml
    def update
      @user = User.find(params[:id])

      respond_to do |format|
        if @user.update(params[:user].permit(:email, :password, :roles))
          format.html { redirect_to(@user, :notice => 'User was successfully updated.') }
          format.xml  { head :ok }
        else
          format.html { render :action => "edit" }
          format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
        end
      end
    end

On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote:

> Hi,
>
> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite db for local development)
>
> I am a rookie, setting up website and was adding roles(using cancan gem) to my users table. Everything works great, except when I select a role for a user it is not getting saved. The user gets saved/created OK but it never updates/ remembers any roles assigned to the user.
>
> I was following the advice given here(Many roles per user). Any help or advice is most appreciated...
>
> https://github.com/ryanb/cancan/wiki/role-based-authorization

Aha. You have a method called roles, but you're storing this in roles_mask? Which is a string? You should try adding roles_mask in the strong parameters, I think.

Walter

On Nov 18, 2013, at 3:50 PM, Phillip wrote:

> Hi Walter,
>
> Thanks for reply.
>
> Yes I have added in roles, but perhaps I am doing it wrong? Here is my users controller for creating and updating...

Also, watch your console as you update, and see if there's a warning about illegal attributes not being saved.

Walter

On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote:

> Aha. You have a method called roles, but you're storing this in roles_mask? Which is a string? You should try adding roles_mask in the strong parameters, I think.
>
> Walter

Ah yes, in console I have a line(when creating a user) saying....

    Unpermitted parameters: password_confirmation, roles

I tried...

    def create
      @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask))
      ...etc...

and...

    def create
      @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask[:roles]))

and....

    def create
      @user = User.new(params[:user].permit(:id, :email, :password, :roles))

But none save the roles. The roles_mask col in the users table is an integer. It explains the process in the link mentioned on my first post. Using a "bitmask".

On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote:

> Also, watch your console as you update, and see if there's a warning about illegal attributes not being saved.
>
> Walter

Okay, try this (just to see if it saves at all):

    params[:user].permit!

That turns off strong parameters entirely, so let's see if your value is getting saved.

Walter

On Nov 18, 2013, at 4:41 PM, Phillip wrote:

> Ah yes, in console I have a line(when creating a user) saying....
>
>     Unpermitted parameters: password_confirmation, roles
>
> I tried...
>
>     def create
>       @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask))
>       ...etc...
>
> and...
>
>     def create
>       @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask[:roles]))
>
> and....
>
>     def create
>       @user = User.new(params[:user].permit(:id, :email, :password, :roles))
>
> But none save the roles. The roles_mask col in the users table is an integer. It explains the process in the link mentioned on my first post. Using a "bitmask".

Yes! That works. Thanks Walter.

(code now...)

  def create
    @user = User.new(params[:user].permit!)

Okay, so now you know that strong parameters is the problem. Go into your schema, copy the entire table definition, and paste it here. This will be easy to fix, just have to see what the actual column name is that you need to whitelist.

Don't just leave your controller like this, you are not safe.

Walter

Just the users table, "role_mask" the one we want? Here is the users from schema.rb

  create_table "users", force: true do |t|
    t.string   "email",                  default: "", null: false
    t.string   "encrypted_password",     default: "", null: false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          default: 0,  null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
    t.string   "last_sign_in_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.integer  "roles_mask"
  end

Okay, try this:

  @user = User.new(params[:user].permit(:id, :email, :password, :password_confirmation, :roles))

And if that doesn't do it, then I need to see the raw parameters from your form submission (they will be in your console).

Walter
Hi Phillip,

If your roles param is an array, you should tell strong parameters explicitly like this:

    params[:user].permit(:id, :email, :password, :roles => [])

Excerpted from the doc:

To declare that the value in params must be an array of permitted scalar values map the key to an empty array:

    params.permit(:id => [])

On Tuesday, November 19, 2013 at 9:21 AM, Walter Lee Davis wrote:
> Okay, try this:
>
> @user = User.new(params[:user].permit(:id, :email, :password, :password_confirmation, :roles))
>
> And if that doesn't do it, then I need to see the raw parameters from your form submission (they will be in your console).
>
> Walter
It looked to me as though he was saving it as a bit mask, though. Does the strong parameters apply when accepting the input or saving to the persistence layer?

Walter

On Nov 18, 2013, at 8:26 PM, Derrick Zhang wrote:
> Hi Phillip,
>
> If your roles param is an array, you should tell strong parameters explicitly like this:
>
> params[:user].permit(:id, :email, :password, :roles => [])
Yes that has it working now! The world is beautiful again. Walter, Derrick, I can get phase one up and running thanks to this. Thanks a million guys!

On Tuesday, November 19, 2013 1:26:45 AM UTC, Derrick Zhang wrote:
> Hi Phillip,
>
> If your roles param is an array, you should tell strong parameters explicitly like this:
>
>     params[:user].permit(:id, :email, :password, :roles => [])
>
> Excerpted from the doc:
>
> To declare that the value in params must be an array of permitted scalar values map the key to an empty array:
>
>     params.permit(:id => [])
>
> On Tuesday, November 19, 2013 at 9:21 AM, Walter Lee Davis wrote:
>
> Okay, try this:
>
>     @user = User.new(params[:user].permit(:id, :email, :password, :password_confirmation, :roles))
>
> And if that doesn't do it, then I need to see the raw parameters from your form submission (they will be in your console).
>
> Walter
>
> On Nov 18, 2013, at 6:00 PM, Phillip wrote:
>
> Just the users table, "role_mask" the one we want? Here is the users from schema.rb
>
>     create_table "users", force: true do |t|
>       t.string "email", default: "", null: false
>       t.string "encrypted_password", default: "", null: false
>       t.string "reset_password_token"
>       t.datetime "reset_password_sent_at"
>       t.datetime "remember_created_at"
>       t.integer "sign_in_count", default: 0, null: false
>       t.datetime "current_sign_in_at"
>       t.datetime "last_sign_in_at"
>       t.string "current_sign_in_ip"
>       t.string "last_sign_in_ip"
>       t.datetime "created_at"
>       t.datetime "updated_at"
>       t.integer "roles_mask"
>     end
>
> On Monday, November 18, 2013 10:52:53 PM UTC, Walter Lee Davis wrote:
> Okay, so now you know that strong parameters is the problem. Go into your schema, copy the entire table definition, and paste it here. This will be easy to fix, just have to see what the actual column name is that you need to whitelist.
>
> Don't just leave your controller like this, you are not safe.
>
> Walter
>
> On Nov 18, 2013, at 5:50 PM, Phillip wrote:
>
> Yes! That works. Thanks Walter.
>
> (code now...)
>
>     def create
>       @user = User.new(params[:user].permit!)
>
> On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote:
> Okay, try this (just to see if it saves at all):
>
>     params[:user].permit!
>
> That turns off strong parameters entirely, so let's see if your value is getting saved.
>
> Walter
>
> On Nov 18, 2013, at 4:41 PM, Phillip wrote:
>
> Ah yes, in console I have a line (when creating a user) saying....
>
>     Unpermitted parameters: password_confirmation, roles
>
> I tried...
>
>     def create
>       @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask))
>       ...etc...
>
> and...
>
>     def create
>       @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask[:roles]))
>
> and....
>
>     def create
>       @user = User.new(params[:user].permit(:id, :email, :password, :roles))
>
> But none save the roles. The roles_mask col in the users table is an integer. It explains the process in the link mentioned on my first post. Using a "bitmask".
>
> On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote:
> Also, watch your console as you update, and see if there's a warning about illegal attributes not being saved.
>
> Walter
>
> On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote:
>
> Aha. You have a method called roles, but you're storing this in roles_mask? Which is a string? You should try adding roles_mask in the strong parameters, I think.
>
> Walter
>
> On Nov 18, 2013, at 3:50 PM, Phillip wrote:
>
> Hi Walter,
>
> Thanks for reply.
>
> Yes I have added in roles, but perhaps I am doing it wrong? Here is my users controller for creating and updating...
>
>     def create
>       @user = User.new(params[:user].permit(:email, :password, :roles))
>       # authorize! :manage, @users
>
>       respond_to do |format|
>         if @user.save
>           format.html { redirect_to(@user, :notice => 'User was successfully created.') }
>           format.xml { render :xml => @user, :status => :created, :location => @user }
>         else
>           format.html { render :action => "new" }
>           format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
>         end
>       end
>     end
>
>     # PUT /users/1
>     # PUT /users/1.xml
>     def update
>       @user = User.find(params[:id])
>
>       respond_to do |format|
>         if @user.update(params[:user].permit(:email, :password, :roles))
>           format.html { redirect_to(@user, :notice => 'User was successfully updated.') }
>           format.xml { head :ok }
>         else
>           format.html { render :action => "edit" }
>           format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
>         end
>       end
>     end
>
> On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote:
> Hi,
>
> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite db for local development)
>
> I am a rookie, setting up website and was adding roles (using cancan gem) to my users table. Everything works great, except when I select a role for a user it is not getting saved. The user gets saved/created OK but it never updates/remembers any roles assigned to the user.
>
> I was following the advice given here (Many roles per user). Any help or advice is most appreciated...
>
> https://github.com/ryanb/cancan/wiki/role-based-authorization
>
> Here is my users form...
>
>     <%= form_for(@user) do |f| %>
>       <div class="field">
>         <%= f.label :email %><br />
>         <%= f.text_field :email %>
>       </div>
>       <% if @current_method == "new" %>
>         <div class="field">
>           <%= f.label :password %><br />
>           <%= f.password_field :password %>
>         </div>
>         <div class="field">
>           <%= f.label :password_confirmation %><br />
>           <%= f.password_field :password_confirmation %>
>         </div>
>       <% end %>
>       <% for role in User::ROLES %>
>         <%= check_box_tag "user[roles][#{role}]", role, @user.roles.include?(role), {:name => "user[roles][]"}%>
>         <%= label_tag "user_roles_#{role}", role.humanize %><br />
>       <% end %>
>       <%= hidden_field_tag "user[roles][]", "" %>
>       <div class="actions">
>         <%= f.submit %>
>       </div>
>     <% end %>
>
>     # /app/model/user.rb
>
>     class User < ActiveRecord::Base
>
>       ROLES = %w[admin blog_author]
>
>       def roles=(roles)
>         self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
>       end
>
>       def roles
>         ROLES.reject do |r|
>           ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero?
>         end
>       end
>
>       def is?(role)
>         roles.include?(role.to_s)
>       end
>
>       # Include default devise modules. Others available are:
>       # :confirmable, :lockable, :timeoutable and :omniauthable
>       devise :database_authenticatable, :registerable, :recoverable,
>              :rememberable, :trackable, :validatable
>     end
On Tuesday, November 19, 2013 3:00:35 PM UTC, Walter Lee Davis wrote:
> It looked to me as though he was saving it as a bit mask, though. Does the strong parameters apply when accepting the input or saving to the persistence layer?

Strong parameters filter the input before it hits the model object - how you persist it is irrelevant.

Fred
On Nov 20, 2013, at 10:27 AM, Frederick Cheung wrote:
> On Tuesday, November 19, 2013 3:00:35 PM UTC, Walter Lee Davis wrote:
> It looked to me as though he was saving it as a bit mask, though. Does the strong parameters apply when accepting the input or saving to the persistence layer?
>
> Strong parameters filter the input before it hits the model object - how you persist it is irrelevant.
>
> Fred

Thanks! That clears up a lingering question for me.

Walter
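Added example, not code from the thread or from Rails: a simplified model of the filtering Derrick and Fred describe, run against the bitmask accessors of the thread's `User` model. The helpers `permit`, `scalar?` and `roles_after` and the `SUBMITTED` hash are constructed for illustration; it shows why `:roles` drops the checkbox array, why `:roles => []` keeps it, and what reaches the model when nothing is filtered.

```ruby
# Simplified stand-in for strong parameters filtering (an assumption, not
# Rails' implementation): bare symbol = scalar only, `key => []` = array of scalars.
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass]

def scalar?(value)
  SCALARS.any? { |klass| value.is_a?(klass) }
end

def permit(params, *filters)
  filters.each_with_object({}) do |filter, out|
    if filter.is_a?(Hash)
      filter.each do |key, shape|
        value = params[key.to_s]
        ok = shape == [] && value.is_a?(Array) && value.all? { |v| scalar?(v) }
        out[key.to_s] = value if ok
      end
    elsif params.key?(filter.to_s) && scalar?(params[filter.to_s])
      out[filter.to_s] = params[filter.to_s]
    end
  end
end

# Bitmask accessors from the User model in the thread, minus ActiveRecord.
class User
  ROLES = %w[admin blog_author]
  attr_accessor :email, :roles_mask

  def initialize(attrs = {})
    attrs.each { |name, value| public_send("#{name}=", value) }
  end

  def roles=(roles)
    self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
  end

  def roles
    ROLES.reject { |r| (roles_mask.to_i & 2**ROLES.index(r)).zero? }
  end
end

# Constructed submission: one ticked box, the form's hidden "" entry, and a
# column name the form never renders.
SUBMITTED = { "email" => "a@example.test", "roles" => ["blog_author", ""], "roles_mask" => "3" }
def roles_after(filtered)
  User.new(filtered).roles
end
puts roles_after(permit(SUBMITTED, :email, :roles)).inspect        # scalar rule
puts roles_after(permit(SUBMITTED, :email, :roles => [])).inspect  # array rule
puts roles_after(SUBMITTED).inspect                                # nothing filtered
```

The last call corresponds to leaving `permit!` in the controller: the raw `roles_mask` value is assigned directly and bypasses the `roles & ROLES` intersection in `roles=`.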