Hi,
I’ve got a rails question. I get a MassAssignmentSecurity::Error when I
do
the following:
class User < ActiveRecord::Base
default = [:first_name, :last_name]
attr_accessible *default
attr_accessbile *default, :metadatas_attributes, as: :admin
has_many :metadatas
accepts_nested_attributes_for :metadatas
end
I want to restrict access to metadata, so only admins can update it
through
mass assignment on the User model.
class Metadata < ActiveRecord::Base
attr_accessible :content
end
class UserController < ApplicationController
…
def create
@user = User.new
@user.assign_attributes(params[:user], as: :admin)
…
end
end
When I apply the as: :admin, I get a
ActiveModel::MassAssignmentSecurity::Error:
Can’t mass-assign protected attributes: content
If I do it without the role, and remove that it the attr_accessible in
the
User model, it works.
Is accepts_nested_attributes_for missing the role option from
attr_accessible?
Kristian Rasmussen
@iamkristian | iamkristian.com