ActiveRecord fails to update HABTM relation

Question

I'm using a simple model for user authorisation with two ActiveRecords User and Role User and Role have a HABTM relation to each other.

I tried to created a user interface for assigning roles to users with simple checkboxes - just like in Railscasts Episode #17.

My problem is that neither User#new nor User#update_attributes use the parameters submitted by my form to update the relation between the User object and its roles. params[:user][:role_ids] contains the correct values. But calling @user.roles right after User.new(params[:user]) or @user.update_attributes(params[:user]) returns an empty array.

Manually assigning roles with @user.roles or @user.role_ids works, but not the "magic" inside User#new or User#update_attributes.

Any ideas?

Can you post your controller and view code? – John Topley Apr 16 '09 at 11:54 — John Topley, Apr 16 '09 at 11:54

score 8 · Accepted Answer · answered Apr 16 '09 at 12:02

8

The chances are high that you have either attr_accessible or attr_protected call in your User model, thus making role_ids protected from mass assignment.

If you really want to update roles via mass assignment operators, just add

attr_accessible :role_ids

to your model. However, I recommend you reading http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment first, just to know all potential problems of mass assignment.

answered Apr 16 '09 at 12:02

Oleg Shaldybin

1,025
8
8

1

Thank you very much. Just read about that yesterday, but missed it when creating my models. – Koraktor Apr 16 '09 at 12:05

ActiveRecord fails to update HABTM relation

1 Answers1

Linked