ActiveModel::MassAssignmentSecurity::Error in UsersController#create

Question

While applying logging concept to my book catalog display, when a user is regestering I am coming acorss this sort of error.

   Can't mass-assign protected attributes: password_confirmation, password

And my code in app/model/user.rb is as follows:

   class User < ActiveRecord::Base
     attr_accessible :name, :password_digest
     validates :name, :presence => true, :uniqueness => true
     has_secure_password 
   end

And my code of create method in app/contollers/user_controller.rb

     def create
     @user = User.new(params[:user])

       respond_to do |format|
       if @user.save
       format.html { redirect_to users_url, :notice => 'User #{@user.name} was   successfully                  created.' }
    format.json { render :json => @user, :status => :created, :location => @user }
      else
    format.html { render :action => "new" }
    format.json { render :json => @user.errors, :status => :unprocessable_entity }
    end
    end
    end

Any help please!

Answer 1

If you want to assign those values in the way you're doing it, you need to add them to the attr_accessible in your model:

attr_accessible :name, :password_digest, :password, :password_confirmation

I suspect you may not want to assign both of those, so you might want to delete them from that hash first (in the controller):

user = params[:user]
user.delete(:password_confirmation)
@user = User.new(user)

You could also create a new hash containing just the values you want to use to create the new User, if you have only a few values to keep but a lot of values to ignore.

(You could also create a new "empty" User and just assign the values you want - if that makes more sense in your situation.)