nested forms and attr_accessable

Rails 2.3.5

I am working on a nested form that assigns roles to users through a
table called clearances. I have attr_acessable turned off globally in
an initializer:

ActiveRecord::Base.send(:attr_accessible, nil)

I have this set in clearance.rb

  attr_accessible(:description,
    :effective_from,
    :role_id,
    :superceded_after,
    :user_id)

And this is what params looks like after the submit button is
selected:

{"user"=>{"id"=>"146"}, "commit"=>"Commit Changes", "_method"=>"put",
"action"=>"update", "clearance"=>[{"id"=>"122", "description"=>"Just a
test", "effective_from"=>"2009-01-01"}, {"role_id"=>"178",
"effective_from"=>"2010-01-21 00:00:00 -0500", "user_id"=>"146"}],
"controller"=>"user_roles"}

But this:

    if @user.update_attributes!(params[:user])

neither raises an error nor updates the rows. I have tried this with
and without the attr_accessible initializer and the results are the
same ether way.

I read that this should work with nested rows but I cannot determine
what I might be doing wrong. Can anyone see what might be happening?

I have some further trace information regarding this situation. I am
really at a bit of a loss here on how to proceed. I cannot find any
evidence that the update user attributes is working. This is in my
User model:

  has_many :roles, :through => :clearances
  has_many :clearances

  accepts_nested_attributes_for :clearances

This is my update method:

  def update
    @user = User.find(params[:user][:id])
    if @user.update_attributes!(params[:user])
      flash[:notice] = I18n.t('User clearance successfully updated')
      # Continue adding new cleartnaces until admin exits from page.
      redirect_to new_user_role_path(@user)
    else
      #TODO: Should this be a redirect_back action instead?
      redirect_back
      format.html { render :action => :'edit' }
      format.xml { render :xml => @clearance.errors,
                            :status => :unprocessable_entity }
    end

This is what the params hash looks like in the update:

Update params hash contains: {"user"=>{"id"=>"3"}, "commit"=>"Commit
Changes", "_method"=>"put", "action"=>"update", "clearance"=>
[{"id"=>"2", "description"=>"Just a test",
"effective_from"=>"2009-01-01"}, {"role_id"=>"5",
"effective_from"=>"2010-01-22 00:00:00 -0500", "user_id"=>"3"}],
"controller"=>"user_roles"}

And this is the SQL generated:

  User Load (1.2ms) SELECT * FROM "users" WHERE ("users"."id" = 3)
WARNING: Can't mass-assign these protected attributes: id
  SQL (0.6ms) SAVEPOINT active_record_1
  User Load (1.5ms) SELECT "users".id FROM "users" WHERE
("users"."username" = E'xtra_user' AND "users".id <> 3) LIMIT 1
  User Load (1.2ms) SELECT "users".id FROM "users" WHERE
("users"."email" = E'xtra_user@example.com' AND "users".id <> 3) LIMIT
1
  User Update with optimistic locking (1.4ms) UPDATE "users"
SET "changed_at" = '2010-01-22 18:07:41', "accessed_at" = '2010-01-22
18:07:41', "perishable_token" = E'F4kMiFkscuV-yyPmBR5G',
"lock_version" = 1
WHERE id = 3
AND "lock_version" = 0

  SQL (0.6ms) RELEASE SAVEPOINT active_record_1
  User Load (1.4ms) SELECT * FROM "users" WHERE ("users"."id" =
E'1') LIMIT 1
  SQL (0.6ms) SAVEPOINT active_record_1
  User Update with optimistic locking (1.5ms) UPDATE "users"
SET "changed_at" = '2010-01-22 18:07:41', "accessed_at" = '2010-01-22
18:07:41', "perishable_token" = E'2EW-hHca03mO73cIpQdV',
"last_request_at" = '2010-01-22 18:07:41.524650', "lock_version" = 9
WHERE id = 1
AND "lock_version" = 8

  SQL (0.6ms) RELEASE SAVEPOINT active_record_1
  User Load (1.2ms) SELECT * FROM "users" WHERE ("users"."id" = 3)
  Role Load (1.1ms) SELECT * FROM "roles"
  Role Load (1.3ms) SELECT "roles".* FROM "roles" INNER JOIN
"clearances" ON "roles".id = "clearances".role_id WHERE
(("clearances".user_id = 3))
  SQL (1.0ms) SELECT count(*) AS count_all FROM "clearances" WHERE
("clearances".user_id = 3)
  Clearance Load (1.0ms) SELECT * FROM "clearances" WHERE
("clearances".user_id = 3)
  Role Load (1.1ms) SELECT * FROM "roles" WHERE ("roles"."id" = 4)
  SQL (1.2ms) SELECT count(*) AS count_all FROM "users" WHERE
(last_request_at > '2010-01-22 17:57:41.660586')

I do not seem to be able to find any place where Clearances are
inserted?

James Byrne wrote:

...
And this is what params looks like after the submit button is
selected:

{"user"=> {"id"=>"146"}, "commit"=>"Commit Changes", "_method"=>"put",
"action"=>"update", "clearance"=>[{"id"=>"122", "description"=>"Just a
test", "effective_from"=>"2009-01-01"}, {"role_id"=>"178",
"effective_from"=>"2010-01-21 00:00:00 -0500", "user_id"=>"146"}],
"controller"=>"user_roles"}

The problem seems to be your form. The params should look like something
like this:

{"user"=> {"id"=>"146", "clearances_attributes"=>[
  {"id"=>"122", "description"=>"Just a test",
    "effective_from"=>"2009-01-01"},
  {"role_id"=>"178", "effective_from"=>
    "2010-01-21 00:00:00 -0500", "user_id"=>"146"}]},
  ... }

Regards, T.