Reputation: 4089
simple attr_accesible in rails
I have a simple rails application were book belongs_to user and user has_many book. In the book model I have a filed for user which is the user_id field and I use devise for my current_user method. Now I want the current_user to add a new bood and I keep getting the error cannot mass-assign protected attributes : item, user. I have no idea were the item is coming from and do I have to include user into the list of attr_assible items. The problem is that I don't want the user attribute in the book to be massisined so people don't just try to hack and change the owner of the book. I am using rails 3.2.3
Upvotes: 0
Views: 44
Answers (2)
Reputation: 18550
Wherever you are building the book, you need to do it this way:
current_user.new { :item => item }
For this to work, the item attribute should be mass-assignment enabled.
Upvotes: 0
Reputation: 3919
Add this to the book model:
attr_accessible :user_id
Or try this:
@book = Book.new
@book.user_id = current_user.id
@book.save
Also see:
http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html
Upvotes: 1
Related Questions
- attr_accessor feature not working as expected
- How to use 'attr_accesor'
- attr_accessible in rails 4
- usage of attr_accessor in Rails
- Ruby on rails 4 attr_accessible
- Can attr_accessible accept objects as opposed to model attributes?
- Confused about attr_accessor and attr_accessible in rails
- attr_accessible in rails Active Record
- How do you use attr_accessible?
- Do I need to use attr_accessor?