It looked to me as though he was saving it as a bit mask, though. Does the
strong parameters apply when accepting the input or saving to the persistence
layer?
Walter
On Nov 18, 2013, at 8:26 PM, Derrick Zhang wrote:
>
> Hi Phillip,
>
> If your roles param is an array, you should tell strong parameters explicitly
> like this:
>
> params[:user].permit(:id, :email, :password, :roles => [])
>
> Excerpted from the doc:
> To declare that the value in params must be an array of permitted scalar
> values map the key to an empty array:
>
> params.permit(:id => [])
>
> On Tuesday, November 19, 2013 at 9:21 AM, Walter Lee Davis wrote:
>
>> Okay, try this:
>>
>> @user = User.new(params[:user].permit(:id, :email, :password, :password_confirmation, :roles))
>>
>> And if that doesn't do it, then I need to see the raw parameters from your
>> form submission (they will be in your console).
>>
>> Walter
>>
>> On Nov 18, 2013, at 6:00 PM, Phillip wrote:
>>
>>> Just the users table, "role_mask" the one we want? Here is the users from
>>> schema.rb
>>>
>>> create_table "users", force: true do |t|
>>> t.string "email", default: "", null: false
>>> t.string "encrypted_password", default: "", null: false
>>> t.string "reset_password_token"
>>> t.datetime "reset_password_sent_at"
>>> t.datetime "remember_created_at"
>>> t.integer "sign_in_count", default: 0, null: false
>>> t.datetime "current_sign_in_at"
>>> t.datetime "last_sign_in_at"
>>> t.string "current_sign_in_ip"
>>> t.string "last_sign_in_ip"
>>> t.datetime "created_at"
>>> t.datetime "updated_at"
>>> t.integer "roles_mask"
>>> end
>>>
>>>
>>>
>>> On Monday, November 18, 2013 10:52:53 PM UTC, Walter Lee Davis wrote:
>>> Okay, so now you know that strong parameters is the problem. Go into your
>>> schema, copy the entire table definition, and paste it here. This will be
>>> easy to fix, just have to see what the actual column name is that you need
>>> to whitelist.
>>>
>>> Don't just leave your controller like this, you are not safe.
>>>
>>> Walter
>>>
>>> On Nov 18, 2013, at 5:50 PM, Phillip wrote:
>>>
>>>> Yes! That works. Thanks Walter.
>>>>
>>>> (code now...)
>>>> def create
>>>> @user = User.new(params[:user].permit!)
>>>>
>>>> On Monday, November 18, 2013 10:30:42 PM UTC, Walter Lee Davis wrote:
>>>> Okay, try this (just to see if it saves at all):
>>>>
>>>> params[:user].permit!
>>>>
>>>> That turns off strong parameters entirely, so let's see if your value is
>>>> getting saved.
>>>>
>>>> Walter
>>>>
>>>> On Nov 18, 2013, at 4:41 PM, Phillip wrote:
>>>>
>>>>> Ah yes, in console I have a line(when creating a user) saying....
>>>>>
>>>>> Unpermitted parameters: password_confirmation, roles
>>>>>
>>>>>
>>>>> I tried...
>>>>>
>>>>> def create
>>>>>   @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask))
>>>>>   ...etc...
>>>>>
>>>>>
>>>>> and...
>>>>>
>>>>> def create
>>>>>   @user = User.new(params[:user].permit(:id, :email, :password, :roles_mask[:roles]))
>>>>>
>>>>>
>>>>> and....
>>>>>
>>>>> def create
>>>>> @user = User.new(params[:user].permit(:id, :email, :password, :roles))
>>>>>
>>>>>
>>>>> But none save the roles. The roles_mask col in the users table is an
>>>>> integer. It explains the process in the link mentioned on my first post.
>>>>> Using a "bitmask".
>>>>>
>>>>>
>>>>> On Monday, November 18, 2013 9:07:52 PM UTC, Walter Lee Davis wrote:
>>>>> Also, watch your console as you update, and see if there's a warning
>>>>> about illegal attributes not being saved.
>>>>>
>>>>> Walter
>>>>>
>>>>> On Nov 18, 2013, at 4:04 PM, Walter Lee Davis wrote:
>>>>>
>>>>>> Aha. You have a method called roles, but you're storing this in
>>>>>> roles_mask? Which is a string? You should try adding roles_mask in the
>>>>>> strong parameters, I think.
>>>>>>
>>>>>> Walter
>>>>>>
>>>>>>
>>>>>> On Nov 18, 2013, at 3:50 PM, Phillip wrote:
>>>>>>
>>>>>>> Hi Walter,
>>>>>>>
>>>>>>> Thanks for reply.
>>>>>>>
>>>>>>> Yes I have added in roles, but perhaps I am doing it wrong? Here is my
>>>>>>> users controller for creating and updating...
>>>>>>>
>>>>>>>
>>>>>>> def create
>>>>>>>   @user = User.new(params[:user].permit(:email, :password, :roles))
>>>>>>>   # authorize! :manage, @users
>>>>>>>
>>>>>>>   respond_to do |format|
>>>>>>>     if @user.save
>>>>>>>       format.html { redirect_to(@user, :notice => 'User was successfully created.') }
>>>>>>>       format.xml { render :xml => @user, :status => :created, :location => @user }
>>>>>>>     else
>>>>>>>       format.html { render :action => "new" }
>>>>>>>       format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
>>>>>>>     end
>>>>>>>   end
>>>>>>> end
>>>>>>>
>>>>>>> # PUT /users/1
>>>>>>> # PUT /users/1.xml
>>>>>>> def update
>>>>>>>   @user = User.find(params[:id])
>>>>>>>
>>>>>>>   respond_to do |format|
>>>>>>>     if @user.update(params[:user].permit(:email, :password, :roles))
>>>>>>>       format.html { redirect_to(@user, :notice => 'User was successfully updated.') }
>>>>>>>       format.xml { head :ok }
>>>>>>>     else
>>>>>>>       format.html { render :action => "edit" }
>>>>>>>       format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
>>>>>>>     end
>>>>>>>   end
>>>>>>> end
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Monday, November 18, 2013 7:03:09 PM UTC, Phillip wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> (Using Rails 4.0.1, Ruby 1.9.3, latest devise and cancan gems. sqlite
>>>>>>> db for local development)
>>>>>>>
>>>>>>> I am a rookie, setting up website and was adding roles(using cancan
>>>>>>> gem) to my users table. Everything works great, except when I select a
>>>>>>> role for a user it is not getting saved. The user gets saved/created OK
>>>>>>> but it never updates/ remembers any roles assigned to the user.
>>>>>>>
>>>>>>> I was following the advice given here(Many roles per user). Any help or
>>>>>>> advice is most appreciated...
>>>>>>>
>>>>>>> https://github.com/ryanb/cancan/wiki/role-based-authorization
>>>>>>>
>>>>>>> Here is my users form...
>>>>>>>
>>>>>>> <%= form_for(@user) do |f| %>
>>>>>>> <div class="field">
>>>>>>> <%= f.label :email %><br />
>>>>>>> <%= f.text_field :email %>
>>>>>>> </div>
>>>>>>> <% if @current_method == "new" %>
>>>>>>> <div class="field">
>>>>>>> <%= f.label :password %><br />
>>>>>>> <%= f.password_field :password %>
>>>>>>> </div>
>>>>>>> <div class="field">
>>>>>>> <%= f.label :password_confirmation %><br />
>>>>>>> <%= f.password_field :password_confirmation %>
>>>>>>> </div>
>>>>>>> <% end %>
>>>>>>> <% for role in User::ROLES %>
>>>>>>> <%= check_box_tag "user[roles][#{role}]", role, @user.roles.include?(role), {:name => "user[roles][]"} %>
>>>>>>> <%= label_tag "user_roles_#{role}", role.humanize %><br />
>>>>>>> <% end %>
>>>>>>> <%= hidden_field_tag "user[roles][]", "" %>
>>>>>>> <div class="actions">
>>>>>>> <%= f.submit %>
>>>>>>> </div>
>>>>>>> <% end %>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> # /app/model/user.rb
>>>>>>>
>>>>>>> class User < ActiveRecord::Base
>>>>>>>
>>>>>>>   ROLES = %w[admin blog_author]
>>>>>>>
>>>>>>>   def roles=(roles)
>>>>>>>     self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
>>>>>>>   end
>>>>>>>
>>>>>>>   def roles
>>>>>>>     ROLES.reject do |r|
>>>>>>>       ((roles_mask.to_i || 0) & 2**ROLES.index(r)).zero?
>>>>>>>     end
>>>>>>>   end
>>>>>>>
>>>>>>>   def is?(role)
>>>>>>>     roles.include?(role.to_s)
>>>>>>>   end
>>>>>>>
>>>>>>>   # Include default devise modules. Others available are:
>>>>>>>   # :confirmable, :lockable, :timeoutable and :omniauthable
>>>>>>>   devise :database_authenticatable, :registerable, :recoverable,
>>>>>>>          :rememberable, :trackable, :validatable
>>>>>>> end
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "Ruby on Rails: Talk" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>>>> an email to [email protected].
>>>>>>> To post to this group, send email to [email protected].
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/rubyonrails-talk/6b9fed85-e8c9-471d-a2ea-b9d223bf33a1%40googlegroups.com.
>>>>>>> For more options, visit https://groups.google.com/groups/opt_out.
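
Added example, not part of the thread and not Rails code: strong parameters filters the submitted keys before anything reaches the model, so the key to permit is roles (the virtual setter), not the roles_mask column, and a bare :roles drops an array value. The sketch below models that in plain Ruby; filter_params and user_attributes are hypothetical helpers with a simplified scalar list, the admin-only gate is an assumption, and FORM is a constructed submission.

```ruby
ROLES = %w[admin blog_author].freeze # role list from the thread's User model

# Same bitmask arithmetic as the thread's roles= / roles methods.
def roles_to_mask(roles)
  (Array(roles) & ROLES).map { |r| 2**ROLES.index(r) }.inject(0, :+)
end

def mask_to_roles(mask)
  ROLES.reject { |r| (mask.to_i & 2**ROLES.index(r)).zero? }
end

# Simplified list of scalar types (assumption; the real list is longer).
SCALARS = [String, Symbol, Integer, Float, NilClass, TrueClass, FalseClass].freeze

def scalar?(value)
  SCALARS.any? { |type| value.is_a?(type) }
end

# Hypothetical stand-in for the permit rule discussed in the thread:
# a bare key passes scalar values only; key => [] passes an array of scalars.
def filter_params(raw, *filters)
  out = {}
  filters.each do |filter|
    if filter.is_a?(Hash)
      filter.each_key do |key|
        value = raw[key.to_s]
        out[key.to_s] = value if value.is_a?(Array) && value.all? { |e| scalar?(e) }
      end
    elsif raw.key?(filter.to_s) && scalar?(raw[filter.to_s])
      out[filter.to_s] = raw[filter.to_s]
    end
  end
  out
end

# Role assignment is a privileged field: keep it only when the acting
# user already holds the admin role (assumed policy, not from the thread).
def user_attributes(raw, actor_roles)
  attrs = filter_params(raw, :email, :password, :password_confirmation, roles: [])
  attrs.delete("roles") unless actor_roles.include?("admin")
  attrs
end

# Constructed submission: the form's hidden field adds the "" entry, and
# roles_mask stands for a field the client added on its own.
FORM = { "email" => "a@example.test", "password" => "x",
         "password_confirmation" => "x",
         "roles" => ["admin", ""], "roles_mask" => "3" }.freeze
```

The roles_mask key never survives the whitelist, and the setter arithmetic ignores the empty string and any name outside ROLES, which is why permitting roles: [] is enough for the form while permit! is not safe to leave in place.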