Can't mass-assign protected attributes: group_ids

[farviewsoft]

I just downloaded and installed the master branch of boxroom and everything runs fine except when I try to assign a group to a user. When I create a new group then go to edit the user and check a new group to add then click save, I get the following exception:

Can't mass-assign protected attributes: group_ids
Rails.root: /opt/development/boxroom

Application Trace | Framework Trace | Full Trace
app/controllers/users_controller.rb:31:in `update'
Request

Parameters:

{"commit"=>"Save",
 "authenticity_token"=>"rNQ6kd+x+QKIWvJaLNEUQzXROGT1cVSlrZ34Yzax0YY=",
 "_method"=>"put",
 "utf8"=>"\342\234\223",
 "id"=>"1",
 "user"=>{"name"=>"admin@example.com",
 "password_confirmation"=>"[FILTERED]",
 "group_ids"=>["2"],
 "password"=>"[FILTERED]",
 "email"=>"admin@example.com"}}
Show session dump

Show env dump

Response

Headers:

None```

[mischa78]

I just fixed this bug. Please try again :-)

[edwardsharp]

I had this same issue but this fix did not work for me. I just added :group_ids to the attr_accessible list in app/models/user.rb and now I can create users...

[edwardsharp]

Actually, line 18 of the groups_controller.rb file that calls the set_groups function in the create method has the wrong number of arguments (0 for 1), so to get this totally working I needed to comment that out, too.

[mischa78]

@edwardsharp I don't think it's a good idea to just add :group_ids to the attr_accessible list. This may e.g. allow someone who is not an admin to add themselves to an admins group. I am doing this trough set_groups, so I can check that the user is allowed to update groups. Anyway, I fixed it in the create method too. Everything should be OK now. Thanks for your feedback!