How to avoid "Can't mass-assign protected attributes" error

Question

Even though I added accepts_nested_attributes_for to my model.
it still says "Can't mass-assign protected attributes"
What else am I supposed to do in order to avoid this???

models/user.rb

class User < ActiveRecord::Base

  validates_presence_of :username 
  validates_uniqueness_of :username 
  validates_length_of :username, :within => 4..10

  acts_as_messageable

  has_one :user_profile
  accepts_nested_attributes_for :user_profile

  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable, :confirmable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :username, :user_profile_attributes

  def mailboxer_email(message)
    email
  end

#  def name
#    email
#  end

end

models/user_profile.rb

class UserProfile < ActiveRecord::Base
 belongs_to :user
 accepts_nested_attributes_for :user
 attr_accessible :nickname
end

views/registration/edit.html.erb

<h2>Edit <%= resource_name.to_s.humanize %></h2>

<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
  <%= devise_error_messages! %>

  <div class="field">
    <%= f.label :nickname %><br />
    <%= f.fields_for :nickname_attributes, @user.user_profile do |user_profile| %>
    <%= user_profile.text_field :nickname %>
    <% end %>
  </div>

  <div><%= f.label :email %><br />
  <%= f.email_field :email %></div>

  <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
  <%= f.password_field :password %></div>

  <div><%= f.label :password_confirmation %><br />
  <%= f.password_field :password_confirmation %></div>

  <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
  <%= f.password_field :current_password %></div>

<%= recaptcha_tags :display => {:theme => 'red'} %>

  <div><%= f.submit "Update" %></div>
<% end %>

<h3>Cancel my account</h3>

<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>

<%= link_to "Back", :back %>

Answer 1

in edit.html.erb

wrong:

f.fields_for :nickname_attributes,

correct:

f.fields_for :user_profile_attributes,

Answer 2

attr_accessible defines the attributes you want the user to be able to mass assign. Just make sure it has all the attributes you want in there.

To be fair, you can remove attr_accessible if you don't care about it and the error will disappear (but all your model fields will be mass assignable).