similar to: WARNING: Can't mass-assign these protected attributes: active

Hi, I''m working on a Rails 3.2.2 application which has JSON APIs and I use a CLI client for inserting some data. It works fine except for the Author model. When I try to create a new post (Post belongs_to :author and Author has_many :posts) I get the following error : <h1> ActiveModel::MassAssignmentSecurity::Error in PostsController#create </h1>

I''ve got a really strange problem using belongs_to. I apologize in advance for the length... this is going to take a while to explain. Basic idea: Creating a User requires that the user enter an email address and activation key that matches an existing PendingUser. After creating the user successfully, that pending user should be marked as "used". The problem: When I

I''ve been puzzling over how to test that attr_accessible has been set for the correct columns; but the tests I''ve come up with so far seem to fail to fail when I expect. I came across this old message from this list: http://www.mail-archive.com/rspec-users at rubyforge.org/msg01570.html Which seemed like a plausible example, but my attempt (modeled on the example)

I''m going though the paper back edition of agile development with Rails. On page #128 I encountered following lines of code: attr_accessor :password attr_accessible :name,:password What''s the difference between attr_accessor and attr_accessible? -=- Neeraj _______________________________________________ Rails mailing list

Is anyone out there writing specs to check attr_accessible fields? I had originally written my spec to check for allowing the desired fields, and then none of the other regular db fields. Unfortunately this isn''t satisfactory, because attr_protected could have been used instead, which of course wouldn''t prevent mass assignment to any whatever=(val) method. I''m thinking

Hi Im trying to link my User model to a Teams model. I seem to be getting the following errors. Any help would be great as Im just new to RoR Thanks error ActiveRecord::AssociationTypeMismatch in UsersController#update Team(#2183395560) expected, got String(#2174675960) app/controllers/users_controller.rb:67:in `update'' app/controllers/users_controller.rb:66:in `update''

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

#user.rb ------> Model class User < ActiveRecord::Base attr_accessible :email, :name, :password, :password_confirmation has_secure_password before_save :create_remember_token . . . . . . . private def create_remember_token self.remember_token = SecureRandom.urlsafe_base64 end end #sessions_controller.rb ------->

Hi, I''ve a question concerning validates_acceptance_of method. Documentation says that the validated attribute is a virtual one, without a field in db. But when I add such an attribute to my form (say check_box(:xyz, :agreement)), it''s passed in params[:xyz][:agreement], but not assigned when calling Xyz.new(params[:xyz]), probably because corresponding field

Hi all, I just installed cancan on a new project and found out that it creates some problems with the new scoped mass assignment features of rails 3.2 . Basically, in my User model I create some attr_accessible attributes in order to avoid users to edit their roles or other sensitive information. From the administration I allow admins to edit those protected attributes by passing

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

I''m going through DHH''s Agile Web Development with Rails for Rails 3.1. In chapter 14 they create a Users sign-in model/view/controller using the has_secure_password method. My user.rb file looks like this class User < ActiveRecord::Base attr_accessible :name, :password_digest, :password, :password_confirmation validates :name, presence: true, uniqueness:

Hi everyone, i have 20 fields in users table. in my admin profile module the admin can modify his infomation. but only 12 fields he can able to modify. so in my controller if params[ :profileinfo ][:first_name] @profileinfo.update_attribute(:first_name,params[ :profileinfo ][:first_name]) end the above simply saves what i enter into the field.why it doesnot consider the modelvalidation.

Hi, What''s the difference between attr_accessor and attr_accessible? Is attr_accessor to create a virtual variable/object and attr_accessible makes it accessible? Do you need attr_accessible if you already have attr_accessor? Thanks! -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails:

Rails 2.3.5 I am working on a nested form that assigns roles to users through a table called clearances. I have attr_acessable turned off globally in an initializer: ActiveRecord::Base.send(:attr_accessible, nil) I have this set in clearance.rb attr_accessible(:description, :effective_from, :role_id, :superceded_after, :user_id) And this is what params looks like after the

Hello, I have this models class Berichten < ActiveRecord::Base attr_accessible :bericht, :user belongs_to :user belongs_to :Category end class User < ActiveRecord::Base attr_accessible :email, :name has_many :berichten end class Category < ActiveRecord::Base attr_accessible :id :name has_many :berichten end What I wonder is what the right url is when I want to place a

I got the following error when trying to create the elibrary instance (rdb:21) @elibrary = Elibrary.new(params[:elibrary]) RuntimeError Exception: Declare either attr_protected or attr_accessible for Elibrary, but not both. params : "elibrary"=>{"title"=>"bingo three", "short_description"=>"something new",

Hey, I got a form which looks like this: - form_for(@article, :html => {:multipart => true}, :url => articles_path) do |f| = errors_for(@article) .field = f.label :text %br = f.text_field :text .field = f.label :author_id %br = f.text_field :author_id .actions = f.submit But since I don''t want anyone to type in an author id I changed it

(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes ''default-open'' - if any properties are missed or added later, they will be accessible by

I have two models bank and country. User should only associate a Bank with a country id present in the country table and I put validates presence of country to enforce it but i get error mysql2::Error: Unknown column ''countries.bank_id'' in ''where clause'': SELECT `countries`.* FROM `countries` WHERE `countries`.`bank_id` = 17 LIMIT 1 when updating the bank