I know that you should use "attr_accessible" to allow mass-assign protection, and that's actually what I do in my user model. How come it still complains?
Can't mass-assign protected attributes: email, password
user controller:
class UsersController < ApplicationController
def index
@users = User.new
end
def show
@user = User.find(2)
end
def login
@user = Project.new(params[:user])
...
end
end
user model:
class User < ActiveRecord::Base
has_and_belongs_to_many :projects
belongs_to :project
belongs_to :ticket
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password
end
the view, _navigation.html.erb:
<%= form_for("user", :url => login_users_path, :html => { :method => :post }) do |f| %>
<%= f.label :email%>
<%= f.text_field(:email, :size => 30, :class => 'login_field', :placeholder => 'Användarnamn')%>
<%= f.label :password%>
<%= f.text_field(:password, :size => 30, :class => 'login_field', :placeholder => 'Lösenord')%>
<%= f.submit "Logga in", :class => 'login_submit btn btn-primary' %>
<% end %>
from config/routes.rb:
resources :users do
post :login, on: :collection, as: :login
end
Because I'm using the collection above it should (as far as I understand) be the correct control / model (user) that I'm using?
I think it should be User not Project
def login
@user = User.new(params[:user])
...
end