jeudi 2 novembre 2017

Can't mass-assign protected attributes: participant

RoR beginner here. I think I am very close to finish this project but there is this problem.

How can I update the function of a person? And why does the creation work, though?

ActiveModel::MassAssignmentSecurity::Error in PersonsController#update Can't mass-assign protected attributes: participant

I use accepts_nested_attributes_for and the creation works like charme. The error above appears when I try to update attributes of the person. I want to be able to update all the personal data like the city, prename etc. and the function of the person. The function_id is in the participants model.

Note When I comment out the nested attribute it is possible to update all the persons attributes. Only updating the function does not work.

Person model

class Person < ActiveRecord::Base
  attr_accessible :participants_attributes, :organization_id,:title,:prename,:surname,:street,:street_number,:zip_code,:city,:phone,:fax,:email
  has_many :participants
  has_many :trials, through: :participants
  accepts_nested_attributes_for :participants

Participant model

class Participant < ActiveRecord::Base

  belongs_to :trial
  belongs_to :function
  belongs_to :person
  attr_accessible :trial_id, :function_id, :person_id

Person form /views/persons/edit.html.erb

<%= form_for([@trial, @person || @participant]) do |f| %>
...
<div class="tr">
  <div class="th">
    <%= f.label t(:function) %>
  </div>
  <div class="tdsep">:</div>
  <div class="td">
     <%=f.fields_for :participant do |builder|%>
          <%=builder.select :function_id, Function.all.collect {|fu| [fu.g, fu.id]}, prompt: t(:select_function), size: 35%>
          <%=builder.hidden_field :trial_id, value: @trial.id%>
      <%end%>
      </div>
  </div> ...

Person controller

def update
@person = Person.find(params[:id])
authorize! :update, @person

respond_to do |format|
  if @person.update_attributes(params[:person])
    format.html { redirect_to @person, notice: 'Person was successfully updated.' }
    format.json { head :no_content }
  else
    format.html { render action: "edit" }
    format.json { render json: @person.errors, status: :unprocessable_entity }
    end
  end
end

Thank you in advance =)

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)