
I am creating a sign up page for users and accounts. Each account will be accessible to multiple users, but only 1 user will be the account owner.

```ruby
# account.rb
class Account < ActiveRecord::Base
  belongs_to :owner, class_name: "User", foreign_key: "owner_id"
  accepts_nested_attributes_for :owner
end

# user.rb
class User < ActiveRecord::Base
  has_secure_password
end

# accounts_controller.rb
class AccountsController < ApplicationController

  def new
    @account = Account.new
    @account.build_owner
  end

  def create
    @account = Account.new(account_params)
    if @account.save
      env["warden"].set_user(@account.owner, scope: :user)
      env["warden"].set_user(@account, scope: :account)
      flash[:success] = "Your account has been successfully created."
      redirect_to root_url(subdomain: @account.subdomain)
    else
      flash[:error] = "Sorry, your account could not be created."
      render :new
    end
  end

  private

    def account_params
      params.require(:account).permit(:account_name, :subdomain,
      {:owner => [:username, :password, :password_confirmation]})
    end

end
```

I have also tried ":owner_attributes" as the key for the nested attributes hash.

The sign up page is pretty straightforward:

```erb
# /views/accounts/new.html.erb
<h2>Sign Up</h2>
<%= form_for(@account) do |account| %>
  <%= account.error_messages %>
  <p>
    <%= account.label :account_name %><br>
    <%= account.text_field :account_name %>
  </p>
  <p>
    <%= account.label :subdomain %><br>
    <%= account.text_field :subdomain %>
  </p>
  <%= account.fields_for @account.owner do |owner| %>
    <p>
      <%= owner.label :username %><br>
      <%= owner.text_field :username %>
    </p>
    <p>
      <%= owner.label :password %><br>
      <%= owner.password_field :password %>
    </p>
    <p>
      <%= owner.label :password_confirmation %><br>
      <%= owner.password_field :password_confirmation %>
    </p>
  <% end %>
  <%= account.submit %>
<% end %>
```

When running tests on this code, the server output indicates that there is an unpermitted parameter "user", which causes the account creation to fail:

```
Started GET "/sign_up" for 127.0.0.1 at 2015-07-10 14:41:26 +0000
Processing by AccountsController#new as HTML
Rendered accounts/new.html.erb within layouts/application (51.7ms)
Completed 200 OK in 127ms (Views: 57.7ms | ActiveRecord: 31.2ms)
Started POST "/accounts" for 127.0.0.1 at 2015-07-10 14:41:26 +0000
Processing by AccountsController#create as HTML
Parameters: {"utf8"=>"✓", "account"=>{"account_name"=>"Test Firm", "subdomain"=>"test", "user"=>{"username"=>"User1", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}, "commit"=>"Create Account"}
Unpermitted parameter: user
```

For informational purposes, here is the test code that is being used:

```ruby
RSpec.feature "Accounts", type: :feature do
  owner = FactoryGirl.attributes_for(:user)

  scenario "creating an account" do
    visit root_path
    click_link "Sign Up"
    fill_in "Account name", :with => "Test Firm"
    fill_in "Subdomain", :with => "test"
    fill_in "Username", :with => owner[:username]
    fill_in "Password", :with => owner[:password]
    fill_in "Password confirmation", :with => owner[:password_confirmation]
    click_button "Create Account"
    success_message = "Your account has been successfully created."
    expect(page).to have_content(success_message)
    expect(page).to have_content("Signed in as #{owner[:username].downcase}")
    expect(page.current_url).to eq("http://test.example.com/")
  end
end
```

I'm confused why a parameter of "user" is being sent (and rejected) since both the model and controller are using the "owner" name? Thanks for any insight.

pccdavef
  • Why was the previous answer deleted? Also we do not need your test, at least I don't. – onebree Jul 13 '15 at 12:32
  • Not enough for a full answer, but I think it would be best (cleanest to read/understand) if you make an `owners` scope in the User model, perhaps where `account_id IS NOT NULL`. From there, it allows you to have `users_attributes`. You can ensure the user is an owner by seeing if it is included in the owners scope. – onebree Jul 13 '15 at 12:39
  • Evidently my mistake; I didn't realize that if I edited the question the answer previously provided would be deleted. The suggested answer was to override the default behavior of ActiveRecord by adding an `as: :owner` option to the belongs_to association of the Accounts model. Unfortunately `as:` is not a recognized option in ActiveRecord. – pccdavef Jul 13 '15 at 14:32
  • Have you tried my suggestion? And I do not think you editing the Q deleted a question. That comment was for the person who deleted it themselves (of which I did not catch the name). – onebree Jul 13 '15 at 15:23
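
Why the log shows `user` rather than `owner`, as an added example that is not part of the original question or its comments: a plain-Ruby model of how `fields_for` names the nested fields and how the strong-parameters permit list filters them. Rails is not loaded, the helper names (`nested_param_key`, `permit`, `submitted`) are hypothetical, and the sample request body, including its extra `owner_id` field, is constructed; the corrected case assumes the view calls `account.fields_for :owner` and the controller permits `owner_attributes`.

```ruby
# Plain-Ruby model of the two Rails behaviours in play; helper names are hypothetical.
User    = Struct.new(:username)
Account = Struct.new(:owner) do
  # accepts_nested_attributes_for :owner is what defines this writer in Rails.
  def owner_attributes=(attrs); end
end

# How fields_for chooses the parameter key for the nested fields.
def nested_param_key(parent, arg)
  if arg.is_a?(Symbol) || arg.is_a?(String)
    # Association name: "<name>_attributes" when the parent has that writer.
    parent.respond_to?("#{arg}_attributes=") ? "#{arg}_attributes" : arg.to_s
  else
    # Record object: the key comes from the record's class, not the association.
    arg.class.name.downcase
  end
end

# Simplified strong-parameters filter: scalars by name, nested hashes by
# { key => [names] }. Returns [permitted, unpermitted_keys] for the top level.
def permit(params, *filters)
  scalars = filters.reject { |f| f.is_a?(Hash) }.map(&:to_s)
  nested  = filters.select { |f| f.is_a?(Hash) }.reduce({}, :merge).transform_keys(&:to_s)
  kept = {}
  params.each do |key, value|
    if value.is_a?(Hash)
      kept[key] = permit(value, *nested[key]).first if nested.key?(key)
    elsif scalars.include?(key)
      kept[key] = value
    end
  end
  [kept, params.keys - kept.keys]
end

# Constructed POST body shaped like the logged one; "owner_id" is an extra
# field the form never renders, included to show the filter dropping it.
def submitted(nested_key)
  owner = { "username" => "User1", "password" => "pw", "password_confirmation" => "pw" }
  { "account_name" => "Test Firm", "subdomain" => "test", "owner_id" => "7", nested_key => owner }
end

account      = Account.new(User.new("User1"))
top          = [:account_name, :subdomain]
owner_fields = [:username, :password, :password_confirmation]
as_posted    = nested_param_key(account, account.owner)  # fields_for @account.owner
corrected    = nested_param_key(account, :owner)         # fields_for :owner
p permit(submitted(as_posted), *top, { owner: owner_fields })
p permit(submitted(corrected), *top, { owner_attributes: owner_fields })
```

The first result drops the whole `user` hash, which corresponds to the "Unpermitted parameter: user" line in the log; the second keeps the owner fields under `owner_attributes` while still discarding `owner_id`.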

0 Answers