Hi,

I’m having the follwoing Warning preventing a model to be saved:

WARNING: Can’t mass-assign these protected attributes: name, password, email

My Model is:

class User < ActiveRecord::Base

attr_accessible :password_confirmation

validates_confirmation_of :password

attr_accessible :email_confirmation

validates_confirmation_of :email

#Password reader

def password

@password

end

#Password writer

def password=(pwd)

@password = pwd

return if pwd.blank?

create_new_salt

self.hashed_password = User.encrypt_password(self.password, self.salt)

end

end

My users table is as following:

create_table “users”, :force => true do |t|

t.string “name”

t.string “hashed_password”

t.string “salt”

t.datetime “created_at”

t.datetime “updated_at”

t.string “email”

t.string “activation_key”

t.boolean “active”

If I unit tes the model, everything goes fine. If I use the view to create a new users I get that warning and nothing is saved.

My users_controller is as follows (generated by scaffolding)

POST /users

POST /users.xml

def create

@user = User.new(params[:user])

respond_to do |format|

if @user.save

flash[:notice] = ‘User was successfully created.’

format.html { redirect_to(@user) }

format.xml { render :xml => @user, :status => :created, :location => @user }

else

format.html { render :action => “new” }

format.xml { render :xml => @user.errors, :status => :unprocessable_entity }

end

end

end

GET /users/new

GET /users/new.xml

def new

@user = User.new

respond_to do |format|

format.html # new.html.erb

format.xml { render :xml => @user }

end

end

Can someone give me an hint?

Thank you,

You must add name, password, email into attr_accessible to.

Or you meant to say: attr_accessor to simply add the *_confirmation attributes that aren't stored in the database. If you were going to use attr_accessible, then you'd probably want :name in there if you wanted User.update_attributes(params[:user]) to actually update the user's name from an edit form.

-Rob