WARNING: Can't mass-assign these protected attributes: name, password, email

34 views
Skip to first unread message

João Pereira

unread,
Nov 20, 2009, 12:34:28 PM11/20/09
to rubyonra...@googlegroups.com
Hi, 

I'm having the follwoing Warning preventing a model to be saved:

WARNING: Can't mass-assign these protected attributes: name, password, email

My Model is:

class User < ActiveRecord::Base

  
 attr_accessible :password_confirmation 
 validates_confirmation_of :password
  
  
attr_accessible :email_confirmation
 validates_confirmation_of :email 
  
  
  #Password reader
  def password
    @password
  end
  
  #Password writer
  def password=(pwd)
    @password = pwd
    return if pwd.blank?
    create_new_salt
    self.hashed_password = User.encrypt_password(self.password, self.salt)
  end
end

My users table is as following:

create_table "users", :force => true do |t|
    t.string   "name"
    t.string   "hashed_password"
    t.string   "salt"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "email"
    t.string   "activation_key"
    t.boolean  "active"


If I unit tes the model, everything goes fine. If I use the view to create a new users I get that warning and nothing is saved.
My users_controller is as follows (generated by scaffolding)


 # POST /users
  # POST /users.xml
  def create
    @user = User.new(params[:user])

    respond_to do |format|
      if @user.save
        flash[:notice] = 'User was successfully created.'
        format.html { redirect_to(@user) }
        format.xml  { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

 # GET /users/new
  # GET /users/new.xml
  def new
    @user = User.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end

Can someone give me an hint?

Thank you,

Artem Korolev

unread,
Nov 23, 2009, 2:24:03 AM11/23/09
to rubyonra...@googlegroups.com
You must add name, password, email into attr_accessible to.

2009/11/20 João Pereira <jonhy...@gmail.com>:
> --
>
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-ta...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=.
>

Rob Biedenharn

unread,
Nov 23, 2009, 8:19:52 AM11/23/09
to rubyonra...@googlegroups.com
Or you meant to say: attr_accessor to simply add the *_confirmation
attributes that aren't stored in the database. If you were going to
use attr_accessible, then you'd probably want :name in there if you
wanted User.update_attributes(params[:user]) to actually update the
user's name from an edit form.

-Rob
Rob Biedenharn http://agileconsultingllc.com
R...@AgileConsultingLLC.com



Reply all
Reply to author
Forward
0 new messages