I'm using a simple model for user authorisation with two ActiveRecords User and Role
User and Role have a HABTM relation to each other.
I tried to created a user interface for assigning roles to users with simple checkboxes - just like in Railscasts Episode #17.
My problem is that neither User#new nor User#update_attributes use the parameters submitted by my form to update the relation between the User object and its roles. params[:user][:role_ids] contains the correct values. But calling @user.roles right after User.new(params[:user]) or @user.update_attributes(params[:user]) returns an empty array.
Manually assigning roles with @user.roles or @user.role_ids works, but not the "magic" inside User#new or User#update_attributes.
Any ideas?
-
The chances are high that you have either attr_accessible or attr_protected call in your User model, thus making role_ids protected from mass assignment.
If you really want to update roles via mass assignment operators, just add
attr_accessible :role_idsto your model. However, I recommend you reading http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment first, just to know all potential problems of mass assignment.
Koraktor : Thank you very much. Just read about that yesterday, but missed it when creating my models.
0 comments:
Post a Comment