I have a Rails application with a custom model that contains the admin attribute. It is locked using attr_accessible. My model looks like this:

    attr_accessible :name, :email, :other_email, :plant_id, :password, :password_confirmation
    attr_accessible :name, :email, :other_email, :plant_id, :password, :password_confirmation, :admin, :as => :admin

And here is what my update method looks like in my user controller:

    def update
      @user = User.find(params[:id])
      if @user.update_attributes(params[:user], :as => current_user_role.to_sym)
        flash[:notice] = "Profile updated"
        redirect_to edit_user_url(@user)
      else
        render 'edit'
      end
    end

I have a helper method in my application controller that returns a role as a string:

    def current_user_role
      @current_user_role ||= current_user.admin? ? "admin" : "default"
    end
    helper_method :current_user_role

I also set config.active_record.whitelist_attributes = true in config/application.rb.
I checked that the current_user_role method returns the correct value based on the current status of the user's administrator. Rails does not throw a mass assignment error. But when I try to update the user's admin status during login as an administrator, Rails updates and silently ignores the admin attribute. A call to a user record in the Rails console indicates that the record has not been modified.
I have a feeling that the game has a problem with Ruby or Rails that I do not know about. I cannot find information on how to make a dynamic role. The best I could find is this.
ruby ruby-on-rails mass-assignment attr-accessible
jeffmueller
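
An added example, not part of the original post and not Rails code: a simplified pure-Ruby model of role-scoped attribute allowlists shaped like the two attr_accessible lines in the question. It shows that a key outside the active role's list disappears without an error unless a strict mode raises. `RoleAllowlist`, `build_allowlist` and the sample params are hypothetical names and constructed data.

```ruby
require 'set'

# Simplified stand-in for role-scoped attribute allowlists.
# This is NOT Rails' implementation; class and method names are hypothetical.
class RoleAllowlist
  class ForbiddenAttributes < StandardError; end

  def initialize(strict: false)
    @lists = {}
    @strict = strict
  end

  # Same shape as `attr_accessible :a, :b, :as => :role`.
  def permit(*names, as: :default)
    (@lists[as.to_sym] ||= Set.new).merge(names.map(&:to_s))
    self
  end

  # Returns [kept, dropped]. A role with no list permits nothing.
  # In strict mode a dropped key raises instead of vanishing quietly.
  def sanitize(attrs, as: :default)
    allowed = @lists.fetch(as.to_sym, Set.new)
    kept, dropped = attrs.partition { |k, _| allowed.include?(k.to_s) }.map(&:to_h)
    if @strict && !dropped.empty?
      raise ForbiddenAttributes, "role=#{as} rejected=#{dropped.keys.join(',')}"
    end
    [kept, dropped]
  end
end

# Field lists copied from the model in the question.
BASE = %w[name email other_email plant_id password password_confirmation].freeze

def build_allowlist(strict: false)
  RoleAllowlist.new(strict: strict)
               .permit(*BASE)
               .permit(*BASE, 'admin', as: :admin)
end

# Constructed sample of what params[:user] could carry (string keys).
SAMPLE_PARAMS = { 'name' => 'Ann', 'admin' => '1' }.freeze

if __FILE__ == $PROGRAM_NAME
  %w[admin default administrator].each do |role|
    kept, dropped = build_allowlist.sanitize(SAMPLE_PARAMS, as: role)
    puts "#{role}: kept=#{kept.keys} dropped=#{dropped.keys}"
  end
end
```

In Rails 3.2, setting `config.active_record.mass_assignment_sanitizer = :strict` makes the framework's own sanitizer raise on a rejected attribute instead of only logging it.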