Nested forms and attr_accessable

byrnejb · January 21, 2010, 10:04pm

Rails 2.3.5

I am working on a nested form that assigns roles to users through a
table called clearances. I have attr_acessable turned off globally in
an initializer:

ActiveRecord::Base.send(:attr_accessible, nil)

I have this set in clearance.rb

attr_accessible(:description,
:effective_from,
:role_id,
:superceded_after,
:user_id)

And this is what params looks like after the submit button is
selected:

{“user”=>{“id”=>“146”}, “commit”=>“Commit Changes”, “_method”=>“put”,
“action”=>“update”, “clearance”=>[{“id”=>“122”, “description”=>“Just a
test”, “effective_from”=>“2009-01-01”}, {“role_id”=>“178”,
“effective_from”=>“2010-01-21 00:00:00 -0500”, “user_id”=>“146”}],
“controller”=>“user_roles”}

But this:

if @user.update_attributes!(params[:user])

neither raises an error nor updates the rows. I have tried this with
and without the attr_accessible initializer and the results are the
same ether way.

I read that this should work with nested rows but I cannot determine
what I might be doing wrong. Can anyone see what might be happening?

byrnejb · January 23, 2010, 1:57pm

James B. wrote:

…
And this is what params looks like after the submit button is
selected:

{“user”=> {“id”=>“146”}, “commit”=>“Commit Changes”, “_method”=>“put”,
“action”=>“update”, “clearance”=>[{“id”=>“122”, “description”=>“Just a
test”, “effective_from”=>“2009-01-01”}, {“role_id”=>“178”,
“effective_from”=>“2010-01-21 00:00:00 -0500”, “user_id”=>“146”}],
“controller”=>“user_roles”}

The problem seems to be your form. The params should look like something
like this:

{“user”=> {“id”=>“146”, “clearances_attributes”=>[
{“id”=>“122”, “description”=>“Just a test”,
“effective_from”=>“2009-01-01”},
{“role_id”=>“178”, “effective_from”=>
“2010-01-21 00:00:00 -0500”, “user_id”=>“146”}]},
… }

Regards, T.

byrnejb · January 22, 2010, 7:19pm

I have some further trace information regarding this situation. I am
really at a bit of a loss here on how to proceed. I cannot find any
evidence that the update user attributes is working. This is in my
User model:

has_many :roles, :through => :clearances
has_many :clearances

accepts_nested_attributes_for :clearances

This is my update method:

def update
@user = User.find(params[:user][:id])
if @user.update_attributes!(params[:user])
flash[:notice] = I18n.t(‘User clearance successfully updated’)
# Continue adding new cleartnaces until admin exits from page.
redirect_to new_user_role_path(@user)
else
#TODO: Should this be a redirect_back action instead?
redirect_back
format.html { render :action => :‘edit’ }
format.xml { render :xml => @clearance.errors,
:status => :unprocessable_entity }
end

This is what the params hash looks like in the update:

Update params hash contains: {“user”=>{“id”=>“3”}, “commit”=>“Commit
Changes”, “_method”=>“put”, “action”=>“update”, “clearance”=>
[{“id”=>“2”, “description”=>“Just a test”,
“effective_from”=>“2009-01-01”}, {“role_id”=>“5”,
“effective_from”=>“2010-01-22 00:00:00 -0500”, “user_id”=>“3”}],
“controller”=>“user_roles”}

And this is the SQL generated:

User Load (1.2ms) SELECT * FROM “users” WHERE (“users”.“id” = 3)
WARNING: Can’t mass-assign these protected attributes: id
SQL (0.6ms) SAVEPOINT active_record_1
User Load (1.5ms) SELECT “users”.id FROM “users” WHERE
(“users”.“username” = E’xtra_user’ AND “users”.id <> 3) LIMIT 1
User Load (1.2ms) SELECT “users”.id FROM “users” WHERE
(“users”.“email” = E’[email protected]’ AND “users”.id <> 3) LIMIT
1
User Update with optimistic locking (1.4ms) UPDATE “users”
SET “changed_at” = ‘2010-01-22 18:07:41’, “accessed_at” = ‘2010-01-22
18:07:41’, “perishable_token” = E’F4kMiFkscuV-yyPmBR5G’,
“lock_version” = 1
WHERE id = 3
AND “lock_version” = 0

SQL (0.6ms) RELEASE SAVEPOINT active_record_1
User Load (1.4ms) SELECT * FROM “users” WHERE (“users”.“id” =
E’1’) LIMIT 1
SQL (0.6ms) SAVEPOINT active_record_1
User Update with optimistic locking (1.5ms) UPDATE “users”
SET “changed_at” = ‘2010-01-22 18:07:41’, “accessed_at” = ‘2010-01-22
18:07:41’, “perishable_token” = E’2EW-hHca03mO73cIpQdV’,
“last_request_at” = ‘2010-01-22 18:07:41.524650’, “lock_version” = 9
WHERE id = 1
AND “lock_version” = 8

SQL (0.6ms) RELEASE SAVEPOINT active_record_1
User Load (1.2ms) SELECT * FROM “users” WHERE (“users”.“id” = 3)
Role Load (1.1ms) SELECT * FROM “roles”
Role Load (1.3ms) SELECT “roles”.* FROM “roles” INNER JOIN
“clearances” ON “roles”.id = “clearances”.role_id WHERE
((“clearances”.user_id = 3))
SQL (1.0ms) SELECT count() AS count_all FROM “clearances” WHERE
(“clearances”.user_id = 3)
Clearance Load (1.0ms) SELECT * FROM “clearances” WHERE
(“clearances”.user_id = 3)
Role Load (1.1ms) SELECT * FROM “roles” WHERE (“roles”.“id” = 4)
SQL (1.2ms) SELECT count() AS count_all FROM “users” WHERE
(last_request_at > ‘2010-01-22 17:57:41.660586’)

I do not seem to be able to find any place where Clearances are
inserted?