Can't mass-assign protected attributes: email

Question

I know this is a popular error, but I have class User < ActiveRecord::Base attr_protected :provider, :uid, :name, :email in my user model, but still get this error.

Here is the detail:

ActiveModel::MassAssignmentSecurity::Error in UsersController#update

Can't mass-assign protected attributes: email
Rails.root: /Users/ewalker/Documents/alift

Application Trace | Framework Trace | Full Trace
app/controllers/users_controller.rb:19:in `update'
Request

Parameters:

{"utf8"=>"✓",
 "_method"=>"put",
 "authenticity_token"=>"F+5itYNqPddn4usVgIJwzG+PSz50Up7mqZs50x3f9Ho=",
 "user"=>{"email"=>"erin@walkersmidas.com"},
 "commit"=>"Sign in",
 "id"=>"1"}

My user controller:

class UsersController < ApplicationController



def show
  @user = User.find(params[:id]) 
end

def index
  @users = User.all
end

def edit
  @user = User.find(params[:id])
end

def update
  @user = User.find(params[:id])
  if @user.update_attributes(params[:user])
    redirect_to @user
  else
    render :edit
  end
end
end

User model:

class User < ActiveRecord::Base
attr_protected :provider, :uid, :name, :email

has_many :posts, dependent: :destroy

  def self.from_omniauth(auth)
    where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.name = auth.info.name
      user.oauth_token = auth.credentials.token
      user.oauth_expires_at = Time.at(auth.credentials.expires_at)
      user.save!
    end
  end
end

and the edit form:

<%= form_for(@user) do |f| %>
  <%= f.label :email %>
  <%= f.text_field :email %>
  <br />
  <%= f.submit "Sign " %>
<% end %>

Thanks

Answer 1

attr_protected protects against mass assignment so the error is to be expected. attr_accessible :email may be what you want, which permits the attribute being set in mass assignment.