Kristian Rasmussen
2012-Oct-24 18:21 UTC
Accepts_nested_attributes_for gives mass assignment error when roles are used
Hi,

I've got a Rails question. I get a MassAssignmentSecurity::Error when I do the following:

    class User < ActiveRecord::Base
      default = [:first_name, :last_name]
      attr_accessible *default
      attr_accessible *default, :metadatas_attributes, as: :admin
      has_many :metadatas
      accepts_nested_attributes_for :metadatas
    end

I want to restrict access to metadata, so only admins can update it through
mass assignment on the User model.

    class Metadata < ActiveRecord::Base
      attr_accessible :content
    end

    class UserController < ApplicationController
      # ...
      def create
        @user = User.new
        @user.assign_attributes(params[:user], as: :admin)
        # ...
      end
    end

When I apply the as: :admin, I get a

    ActiveModel::MassAssignmentSecurity::Error:
    Can't mass-assign protected attributes: content

If I do it without the role, and remove that in the attr_accessible in the User model, it works.

Is accepts_nested_attributes_for missing the role option from attr_accessible?

---
Kristian Rasmussen
@iamkristian | iamkristian.com
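
Added example, not part of the original post and not Rails code: a simplified stand-alone Ruby model of role-scoped attr_accessible whitelists, showing why the error above names the nested model's attribute. It assumes the role given to assign_attributes is forwarded unchanged to nested records; Model, RoleAwareMetadata and admin_create are hypothetical names and the parameters are constructed.

```ruby
# Simplified stand-alone model of role-scoped whitelists (not Rails code).
class MassAssignmentError < StandardError; end
class Model
  attr_reader :values, :children
  def self.whitelists; @whitelists ||= Hash.new { |h, role| h[role] = [] }; end
  def self.nested; @nested ||= {}; end
  # attr_accessible :a, :b, as: :role  (role defaults to :default)
  def self.attr_accessible(*names)
    opts = names.last.is_a?(Hash) ? names.pop : {}
    Array(opts.fetch(:as, :default)).each { |role| whitelists[role].concat(names) }
  end

  def self.accepts_nested_attributes_for(name, klass)
    nested[:"#{name}_attributes"] = klass
  end

  def initialize
    @values, @children = {}, []
  end

  def assign_attributes(attrs, opts = {})
    role = opts.fetch(:as, :default)
    denied = attrs.keys.map(&:to_sym) - self.class.whitelists[role]
    raise MassAssignmentError, "Can't mass-assign protected attributes: #{denied.join(', ')}" unless denied.empty?
    attrs.each do |key, value|
      klass = self.class.nested[key.to_sym]
      next(@values[key.to_sym] = value) unless klass
      # Assumption: the caller's role is forwarded unchanged to each nested record.
      value.each { |child| @children << klass.new.assign_attributes(child, as: role) }
    end
    self
  end
end

class Metadata < Model; attr_accessible :content; end  # as in the post: :default only
class RoleAwareMetadata < Model; attr_accessible :content, as: [:default, :admin]; end  # hypothetical

# Replays the post's create action against a User whose nested model is metadata_class.
def admin_create(metadata_class)
  user_class = Class.new(Model) do
    attr_accessible :first_name, :last_name
    attr_accessible :first_name, :last_name, :metadatas_attributes, as: :admin
    accepts_nested_attributes_for :metadatas, metadata_class
  end
  params = { "first_name" => "Ada", "metadatas_attributes" => [{ "content" => "note" }] } # constructed
  user_class.new.assign_attributes(params, as: :admin).children.map { |c| c.values[:content] }
rescue MassAssignmentError => e
  e.message
end
```

With the post's Metadata the nested record has no whitelist for the :admin role, so the check fails on content; the role-aware variant keeps the nested attribute restricted to admins at the User level while letting the nested assignment through.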