ruby on rails - "Can't mass-assign protected attributes: admin" with sample_data.rake -


i'm going through michael hartl's tutorial , have sample_data.rake file. when try populate database "can't mass-assign protected attributes: admin" error. can fix adding ":admin" "attr_accessible" in "user.rb" file enables hack way becoming admin. how can resolve issue?

sample_data.rake file

namespace :db   desc "fill database sample data"   task populate: :environment     admin = user.create!(name: "example user",                  email: "example@railstutorial.org",                  password: "foobar",                  password_confirmation: "foobar",                  admin: true)       name  = faker::name.name       email = "example-#{n+1}@railstutorial.org"       password  = "password"       user.create!(name: name,                    email: email,                    password: password,                    password_confirmation: password)   end end 

user.rb file

class user < activerecord::base   has_many :microposts, dependent: :destroy   attr_accessible :name, :email, :password, :password_confirmation   has_secure_password    before_save { |user| user.email = email.downcase }   before_save :create_remember_token    validates :name, presence: true, length: { maximum: 50 }   valid_email_regex = /\a[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i   validates :email, presence:   true,                     format:     { with: valid_email_regex },                     uniqueness: { case_sensitive: false }   validates :password, presence: true, length: { minimum: 6 }   validates :password_confirmation, presence: true    private      def create_remember_token       self.remember_token = securerandom.urlsafe_base64     end end 

thanks help! i'm complete beginner please keep simple.

simply do:

admin = user.new(...) admin.admin = true admin.save 

this way responsible setting admin flag. not setting admin flag throuth params hash. in case, creating user in rake file not dangerous. have been if done in controller this:

user.create(params[:user]) 

as @edmund said in comment, adding :admin attr_accessible list means can .create :admin 1 of options.


Comments

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

gcc - Calling fftR4() in c from assembly -

.htaccess - Matching full URL in RewriteCond -