nested forms and attr_accessable

Rails 2.3.5

I am working on a nested form that assigns roles to users through a table called clearances. I have attr_acessable turned off globally in an initializer:

ActiveRecord::Base.send(:attr_accessible, nil)

I have this set in clearance.rb

  attr_accessible(:description,     :effective_from,     :role_id,     :superceded_after,     :user_id)

And this is what params looks like after the submit button is selected:

{"user"=>{"id"=>"146"}, "commit"=>"Commit Changes", "_method"=>"put", "action"=>"update", "clearance"=>[{"id"=>"122", "description"=>"Just a test", "effective_from"=>"2009-01-01"}, {"role_id"=>"178", "effective_from"=>"2010-01-21 00:00:00 -0500", "user_id"=>"146"}], "controller"=>"user_roles"}

But this:

    if @user.update_attributes!(params[:user])

neither raises an error nor updates the rows. I have tried this with and without the attr_accessible initializer and the results are the same ether way.

I read that this should work with nested rows but I cannot determine what I might be doing wrong. Can anyone see what might be happening?

I have some further trace information regarding this situation. I am really at a bit of a loss here on how to proceed. I cannot find any evidence that the update user attributes is working. This is in my User model:

  has_many :roles, :through => :clearances   has_many :clearances

  accepts_nested_attributes_for :clearances

This is my update method:

  def update     @user = User.find(params[:user][:id])     if @user.update_attributes!(params[:user])       flash[:notice] = I18n.t('User clearance successfully updated')       # Continue adding new cleartnaces until admin exits from page.       redirect_to new_user_role_path(@user)     else       #TODO: Should this be a redirect_back action instead?       redirect_back       format.html { render :action => :'edit' }       format.xml { render :xml => @clearance.errors,                             :status => :unprocessable_entity }     end

This is what the params hash looks like in the update:

Update params hash contains: {"user"=>{"id"=>"3"}, "commit"=>"Commit Changes", "_method"=>"put", "action"=>"update", "clearance"=> [{"id"=>"2", "description"=>"Just a test", "effective_from"=>"2009-01-01"}, {"role_id"=>"5", "effective_from"=>"2010-01-22 00:00:00 -0500", "user_id"=>"3"}], "controller"=>"user_roles"}

And this is the SQL generated:

  User Load (1.2ms) SELECT * FROM "users" WHERE ("users"."id" = 3) WARNING: Can't mass-assign these protected attributes: id   SQL (0.6ms) SAVEPOINT active_record_1   User Load (1.5ms) SELECT "users".id FROM "users" WHERE ("users"."username" = E'xtra_user' AND "users".id <> 3) LIMIT 1   User Load (1.2ms) SELECT "users".id FROM "users" WHERE ("users"."email" = E'xtra_user@example.com' AND "users".id <> 3) LIMIT 1   User Update with optimistic locking (1.4ms) UPDATE "users" SET "changed_at" = '2010-01-22 18:07:41', "accessed_at" = '2010-01-22 18:07:41', "perishable_token" = E'F4kMiFkscuV-yyPmBR5G', "lock_version" = 1 WHERE id = 3 AND "lock_version" = 0

  SQL (0.6ms) RELEASE SAVEPOINT active_record_1   User Load (1.4ms) SELECT * FROM "users" WHERE ("users"."id" = E'1') LIMIT 1   SQL (0.6ms) SAVEPOINT active_record_1   User Update with optimistic locking (1.5ms) UPDATE "users" SET "changed_at" = '2010-01-22 18:07:41', "accessed_at" = '2010-01-22 18:07:41', "perishable_token" = E'2EW-hHca03mO73cIpQdV', "last_request_at" = '2010-01-22 18:07:41.524650', "lock_version" = 9 WHERE id = 1 AND "lock_version" = 8

  SQL (0.6ms) RELEASE SAVEPOINT active_record_1   User Load (1.2ms) SELECT * FROM "users" WHERE ("users"."id" = 3)   Role Load (1.1ms) SELECT * FROM "roles"   Role Load (1.3ms) SELECT "roles".* FROM "roles" INNER JOIN "clearances" ON "roles".id = "clearances".role_id WHERE (("clearances".user_id = 3))   SQL (1.0ms) SELECT count(*) AS count_all FROM "clearances" WHERE ("clearances".user_id = 3)   Clearance Load (1.0ms) SELECT * FROM "clearances" WHERE ("clearances".user_id = 3)   Role Load (1.1ms) SELECT * FROM "roles" WHERE ("roles"."id" = 4)   SQL (1.2ms) SELECT count(*) AS count_all FROM "users" WHERE (last_request_at > '2010-01-22 17:57:41.660586')

I do not seem to be able to find any place where Clearances are inserted?

James Byrne wrote:

... And this is what params looks like after the submit button is selected:

{"user"=> {"id"=>"146"}, "commit"=>"Commit Changes", "_method"=>"put", "action"=>"update", "clearance"=>[{"id"=>"122", "description"=>"Just a test", "effective_from"=>"2009-01-01"}, {"role_id"=>"178", "effective_from"=>"2010-01-21 00:00:00 -0500", "user_id"=>"146"}], "controller"=>"user_roles"}

The problem seems to be your form. The params should look like something like this:

{"user"=> {"id"=>"146", "clearances_attributes"=>[   {"id"=>"122", "description"=>"Just a test",     "effective_from"=>"2009-01-01"},   {"role_id"=>"178", "effective_from"=>     "2010-01-21 00:00:00 -0500", "user_id"=>"146"}]},   ... }

Regards, T.