Unpermitted parameters on belong_to association - ruby-on-rails

I have an association as follows:
class Membership < ApplicationRecord
belongs_to :user
end
and
class User < ApplicationRecord
has_many :memberships
end
Now I have a form to create a new membership. Within this form I also want to input new user information. I am using SimpleForm. My basic structure is as follows (using HAML not erb files):
= simple_form_for #membership do |f|
...
= simple_fields_for #user do |uf|
.field= uf.input :firstname, label: 'First Name', required: true
...
= f.button :submit, 'Submit'
#user here is an instance variable set in the new action on the Memberships controller (#user = User.new). I would like to keep it this way so I can use SimpleForm's inference on user attributes (i.e., uf.input :firstname maps to the firstname attribute on the User model)
Now given this background, when I hit submit the goal is to create a new membership and a new user associated to that membership. How can I permit parameters for the single associated user?
At the moment I have:
# Never trust parameters from the scary internet, only allow the white list through.
def membership_params
params.require(:membership).permit(users_attributes: [:id, :firstname] )
end
Here is the request:
Started POST "/memberships" for ::1 at 2018-10-15 15:08:42 -0600
Processing by MembershipsController#create as HTML
Parameters: {"utf8"=>"βœ“", "authenticity_token"=>"omitted==", "membership"=>{"user"=>{"firstname"=>""}}, "commit"=>"Submit"}
Unpermitted parameter: :user
Unpermitted parameter: :user
Unpermitted parameter: :user
##################### {}
No template found for MembershipsController#create, rendering head :no_content
Completed 204 No Content in 264ms (ActiveRecord: 0.0ms)
I have no template rendering on purpose for now.
Given this parameter structure:
"membership"=>{"user"=>{"firstname"=>""}}
I have also tried the following for permitted parameters:
params.require(:membership).permit(user_attributes: [:id, :firstname] )
params.require(:membership).permit(user: [:id, :firstname] )
Notice I the ################ {}. This is a manual puts I have in the create action. puts '################ ' + membership_params.to_json. As you can see it yields nothing. Also why do I get the 'Unpermitted parameters' logged three times?
UPDATE 1 controller code:
class MembershipsController < ApplicationController
load_and_authorize_resource
# GET
def new
#membership_plans = Plan.active.sort_by { |plan| plan.sequence }
#user = #membership.build_user
end
# POST
def create
debug_puts(membership_params.to_json)
end
private
# Never trust parameters from the scary internet, only allow the white list through.
def membership_params
params.require(:membership).permit(user_attributes: [:id, :firstname, :lastname] )
end
end
UPDATE 2
I don't deem this as an acceptable answer (which is why I'm not formally "answering" my question), but what I have decided to do is invert my form. The relationship is still the same among Memberships and Users, but the parent form is for a User:
= simple_form_for #user do |f|
...
= f.simple_fields_for :memberships_attributes do |mf|
...
This means I put accepts_nested_attributes_for :membership on the User model (a has_many association with memberships) and all the rendering and param permitting is done within the Users Controller
# new action in users_controller.rb
def new
#membership_plans = Plan.active.sort_by { |plan| plan.sequence }
#user = User.new
#user.build_membership
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
params.require(:user).permit(memberships_attributes: [:id, :field1, :field2] )
end

You need to build the user for membership in the new action of memberships_controller.
def new
#membership = Membership.new
#user = #membership.build_user
end
and make sure you have user_attributes not users_attributes in the membership_params
params.require(:membership).permit(user_attributes: [:id, :firstname] )
Update:
There is one more important piece of code which need to be fixed.
This
= simple_fields_for #user do |uf|
should be
= f.simple_fields_for #user do |uf|

Related

Attributes not saving with devise and accepts_nested_attributes_for

I have an almost working sign up form with Devise. Whilst it seems to work, it's not saving the fields in my Custaddress table other than the user_id. Any help to work out how to have it save the rest of the information would be great. The following is greatly truncated!!
User.rb contains:
class User < ApplicationRecord
has_one :custaddress
accepts_nested_attributes_for :custaddress
end
Custaddress contains:
class Custaddress < ApplicationRecord
has_many :orders
belongs_to :user
end
Registrations controller contains:
As you can see, this just builds on the "standard" Devise controller. There is no create or new here as I assume it's using the standard methods.
class Users::RegistrationsController < Devise::RegistrationsController
invisible_captcha only: :create
protected
def build_resource(hash = {})
self.resource = resource_class.new_with_session(hash, session)
resource.build_custaddress
# Jumpstart: Skip email confirmation on registration.
# Require confirmation when user changes their email only
resource.skip_confirmation!
# Registering to accept an invitation should display the invitation on sign up
if params[:invite] && (invite = AccountInvitation.find_by(token: params[:invite]))
#account_invitation = invite
# Build and display account fields in registration form if enabled
elsif Jumpstart.config.register_with_account?
account = resource.owned_accounts.first
account ||= resource.owned_accounts.new
account.account_users.new(user: resource, admin: true)
end
end
def update_resource(resource, params)
# Jumpstart: Allow user to edit their profile without password
resource.update_without_password(params)
end
def sign_up(resource_name, resource)
if cookies[:ordernum]
order = Order.where(ordernum: cookies[:ordernum]).first
if order
order.update!(user: resource, custaddress: resource.custaddress)
cookies.delete "ordernum"
end
end
sign_in(resource_name, resource)
# If user registered through an invitation, automatically accept it after signing in
if params[:invite] && (account_invitation = AccountInvitation.find_by(token: params[:invite]))
account_invitation.accept!(current_user)
# Clear redirect to account invitation since it's already been accepted
stored_location_for(:user)
end
end
end
My new.html.erb contains:
<%= form_with(model: resource, as: resource_name, url: registration_path(resource_name, invite: params[:invite])) do |f| %>
<%= f.fields_for :custaddress do |cust| %>
<div class="form-group">
<%= cust.label "Apartment/Unit Number", class: "font-bold" %>
<%= cust.text_field :apartment, class: "form-control", placeholder: "Unit 2 or Apartment 307" %>
</div>
And much more!
My application controller has:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
include SetCurrentRequestDetails
include SetLocale
include Jumpstart::Controller
include Accounts::SubscriptionStatus
include Users::NavbarNotifications
include Users::TimeZone
include Pagy::Backend
include CurrentHelper
include Sortable
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :masquerade_user!
before_action :store_user_location!, if: :storable_location?
protected
# To add extra fields to Devise registration, add the attribute names to `extra_keys`
def configure_permitted_parameters
extra_keys = [:avatar, :first_name, :last_name, :time_zone, :preferred_language]
signup_keys = extra_keys + [:terms_of_service, :invite, owned_accounts_attributes: [:name], custaddress_attributes: [:address, :apartment, :city, :state, :country, :postcode, :mobile]]
devise_parameter_sanitizer.permit(:sign_up, keys: signup_keys)
devise_parameter_sanitizer.permit(:account_update, keys: extra_keys)
devise_parameter_sanitizer.permit(:accept_invitation, keys: extra_keys)
end
def after_sign_in_path_for(resource_or_scope)
stored_location_for(resource_or_scope) || super
end
# Helper method for verifying authentication in a before_action, but redirecting to sign up instead of login
def authenticate_user_with_sign_up!
unless user_signed_in?
store_location_for(:user, request.fullpath)
redirect_to new_user_registration_path, alert: t("create_an_account_first")
end
end
def require_current_account_admin
unless current_account_admin?
redirect_to root_path, alert: t("must_be_an_admin")
end
end
private
def storable_location?
request.get? && is_navigational_format? && !devise_controller? && !request.xhr?
end
def store_user_location!
# :user is the scope we are authenticating
store_location_for(:user, request.fullpath)
end
end
My logs are showing:
Processing by Users::RegistrationsController#create as JS
17:08:57 web.1 | Parameters: {"authenticity_token"=>"uVphxW4gCQntvHFxRb33dl9cqxv9vlL69Wc2zOMoF1M+pUk8c2HnHwgQFIkMbfmxYraVI7rYBVCPgfSD1u7OHg==", "user"=>{"first_name"=>"[FILTERED]", "last_name"=>"[FILTERED]", "email"=>"[FILTERED]", "password"=>"[FILTERED]", "time_zone"=>"Sydney", "custaddress_attributes"=>{"apartment"=>"", "address"=>"XXXXXXXX", "city"=>"XXXXXXX", "state"=>"XXXXX", "postcode"=>"XXXX", "mobile"=>"XXXXXXXX", "country"=>"XXXXXXX"}, "terms_of_service"=>"1"}, "enc-rmjxhdab"=>"", "button"=>""}
So, I know it's getting the information from the form. However I have no idea where it's saving the Custaddress record. It only seems to be associating the user_id:
Custaddress Create (0.2ms) INSERT INTO "custaddresses" ("user_id", "created_at", "updated_at") VALUES ($1, $2, $3) RETURNING "id" [["user_id", 3], ["created_at", "2020-09-25 02:20:39.109187"], ["updated_at", "2020-09-25 02:20:39.109187"]]
12:20:39 web.1 | (33.9ms) COMMIT
Can anyone please help me work out why the custaddress isn't saving. I've spent hours on this and read every article on google (well it certainly feels like it).
I've tried to track this down, to no avail.
Adding an answer for completeness.
Devise's create action calls the build_resurce method that you are overriding. the problem is that you overrid it for the new action but didn't take into account the create action.
So, you are doing this:
def build_resource(hash = {})
self.resource = resource_class.new_with_session(hash, session)
resource.build_custaddress
For the new action there's no issue, resource.build_custaddress will instantiate a new custaddress object for you to be able to use the fields_for helper.
The problem is that, for the create action, at that point resource already has a custaddress with the values from the request (set by the previous line), then you do resource.build_custaddress and replace the current custaddress with a new empty one.
The solution is to only build a custaddress if it's not nil:
def build_resource(hash = {})
self.resource = resource_class.new_with_session(hash, session)
resource.build_custaddress if resource.custaddress.nil?
That way you'll have a new empty custaddress for the new action, but respect the values from the request for the create, edit or update actions.

Rails Survey response form

I have a survey application that I confused on final side.
here is app models properties:
User
- Survey
user_id
title
- Question
title
survey_id
type: multiple_choice|check_boxes|short_answer
- Option
title
question_id
(Till here is okay. I can create surveys these includes more nested forms) Issue is after created surveys. (users responses)
-Response
user_id
survey_id
-Answer
question_id
response_id
option_id
Creating survey with nested attributes is okay. Problem is at Response side. how should be my response controller and response form on Survey show.html.erb?
There is response controller nested attributes below;
def response_params
params.require(:response).permit(:id, :user_id, :survey_id, answers_attributes:[:question_id, :response_id, :option_id ] )
end
I should tell that survey can includes multiple questions these with only radio_buttons (independent radio buttons are other issue)
This issue made me so tired. I'll be glad if you can help me. Thanks.
For Source code: Click for source codes
updated files:
Response model:
class Response < ApplicationRecord
belongs_to :user
belongs_to :survey
has_many :answers, dependent: :destroy
validates :survey, presence: true
counter_culture :option
accepts_nested_attributes_for :answers
end
Survey_controller:
def new_response
#survey = Survey.find(params[:id])
#response = #survey.responses.build
# now, the tricky part, you have to build the Answer objects so you can use the nested form later
#survey.questions.each do |q|
#response.answers.build question: q
end
end
def create_response
#survey = Survey.find(params[:id])
#response = #survey.build(response_params)
#response.user = current_user
#response.save
end
Routes:
Rails.application.routes.draw do
devise_for :users
resources :surveys do
member do
get :new_response
get :create_response
end
end
root 'surveys#index'
end
form:
- # surveys/new_response.html.haml
- # You need to define a nested route inside survey resource to create the response
= form_for #response, url: create_response_survey_path(#survey) do |f|
- # you can iterate over all the answers already initialized
= f.fields_for :answers do |ff|
- # get the question from the current answer to show the title and options and a hidden_field with the question id
- q = ff.object.question
= q.title
= ff.hidden_field :question_id
- # add the radios for each options for the question
- q.options.each do |option|
= label_tag do
= ff.radio_button :option_id, option.id
= option.title
= f.submit 'Send'
I wouldn't use the Survey's show action to show the form to create a Response, I think it's better to approach it as a new_response action to make it cleaner and leave the show action just to show the actual survey (not to respond it). Something like:
class SurveysController < ApplicationController
def new_response
#survey = Survey.find(params[:id])
#response = #survey.responses.build
# now, the tricky part, you have to build the Answer objects so you can use the nested form later
#survey.questions.each do |q|
#response.anwers.build question: q
end
end
Now, you can have a form for the response:
- # surveys/new_response.html.haml
- # You need to define a nested route inside survey resource to create the response
= form_for #response, url: create_response_survey_path(#survey) do |f|
- # you can iterate over all the answers already initialized
= f.fields_for :answers do |ff|
- # get the question from the current answer to show the title and options and a hidden_field with the question id
- q = ff.object.question
= q.title
= ff.hidden_field :question_id
- # add the radios for each options for the question
- q.options.each do |option|
= label_tag do
= ff.radio_button :choice_id, option.id
= option.title
= f.submit 'Send'
Your response_params should be something like:
def response_params
params.require(:response).permit(answers_attributes: [:question_id, :choice_id])
end
note that I removed the :survey_id and the :user_id, you don't want a user to hack your form, change a survey_id or user_id and add responses to another survey made by another user!
and your create_response action:
def create_response
#survey = Survey.find(params[:id])
#response = #survey.build(response_params)
#response.user = current_user
#response.save
end
Hope it makes sense.

Rails4: What is the correct way to use form_for for submitting a hidden field

I am trying to pass a hidden field from a form whose value is derived from a text blob that user can edit on the webpage. (I use bootstrap-editable to let the user edit the blurb by clicking on it)
Here is the actual workflow:
User goes on 'Invitations page' where they are are provided with a form to enter friends email and shown a default text that will be used in the email
If the user want they can click on the text and edit it. This will make a post call via javascript to update_email method in Invitation controller
After the text is updated user is redirected back so now the user sees the same page with updated text. This works and user sees the updated text blurb instead of default [1-3] can happen any number of times
When the user submits the form , I expect to get the final version of email that I can save in the db and also trigger an email invitation to the users friend
Problem:
I keep getting default text from form parameters. Any idea what I am doing wrong?
Here is the form (Its haml instead of html)
#new-form
= form_for #invitation, :url=> invitations_path(), :html => {:class => 'form-inline', :role => 'form'} do |f|
.form-group
= f.text_field :email, :type=> 'email', :placeholder=> 'Invite your friends via email', :class=> 'form-control invitation-email'
= f.hidden_field :mail_text, :value => #invitation_email
= f.submit :class => 'btn btn-primary submit-email', :value => 'Send'
Here is the invitation controller:
class InvitationsController < ApplicationController
authorize_resource
before_filter :load_invitations, only: [:new, :index]
before_filter :new_invitation, only: [:new, :index]
before_filter :default_email, only: [:index]
#helper_method :default_email
def create
Invitation.create!(email: params[:invitation][:email], invited_by: current_user.id, state: 'sent', mail_text: params[:invitation][:mail_text], url: {referrer_name: current_user.name}.to_param)
redirect_to :back
end
def update_email
#invitation_email = params[:value]
flash[:updated_invitation_email] = params[:value]
redirect_to :back
end
private
def invitation_params
params.require(:invitation).permit!
end
def load_invitations
#invitations ||= current_user.sent_invitations
end
def new_invitation
#invitation = Invitation.new
end
def default_email
default_text = "default text"
#invitation_email = flash[:updated_invitation_email].blank? ? default_text : flash[:updated_invitation_email]
end
end
Assuming you are using Rails 4 then you need to permit the mail_text parameter:
class InvitationsController < ApplicationController
# ...
private
def invitation_params
params.require(:invitation).permit(:email, :mail_text) #...
end
end
Depending on your settings rails strong parameters will either raise an error or just silently null un-permitted params.
I have to say that your flow is a bit weird and that it may be better if you actually use a
more RESTful pattern:
1. User goes on 'Invitations page' where they are are provided with a form to enter friends email and shown a default text that will be used in the email
Send a AJAX POST request to /invitations (InvitationsController#create) it should return a JSON representation of the UNSENT invitation, store the returned invitation id on the form.
Note that you may need to setup the validations on your Invitation model so that it allows :email and :mail_text to be blank on creation
class Invitation < ActiveRecord::Base
validates :email, allow_blank: true
# ...
# Do full validation only when mail is being sent.
with_options if: :is_being_sent? do |invitation|
invitation.validates :email #...
invitation.validates :mail_text #...
end
# ...
def is_being_sent?
changed.include?("state") && state == 'sent'
end
end
2. User edits text
Send a AJAX PUT or PATCH request to /invitations/:id and update the invitation.
3. User clicks send
Send a POST request to /invitations/:id/send. Update the state attribute and validate.
If valid send invitation. Display a message to user.
class InvitationsController < ApplicationController
# ...
# POST /invitations/:id/send
def send
#invitation = Invitation.find(params[:id])
# Ensure we have latest values from form and trigger a more stringent validation
#invitation.update(params.merge({ state: :sent })
if #invitation.valid?
#mail = Invitation.send!
if #mail.delivered?
# display success response
else
# display error
end
else # record is invalid
# redirect to edit
end
end
# ...
end

ActiveRecord::RecordNotFound - in a descendant class' associated_controller#index

I am attempting to locate a parent object in a nested controller, so that I can associate the descendant resource with the parent like so:
# teams_controller.rb <snippet only>
def index
#university = Univeresity.find(params[:university_id])
#teams = #university.teams
end
When I call find(params[:university_id]) per the snippet above & in line 6 of teams_controller.rb, I receive ActiveRecord::RecordNotFound - Couldn't find University without an ID.
I'm not only interested in fixing this issue, but would also enjoy a better understanding of finding objects without having to enter a University.find(1) value, since I grant Admin the privilege of adding universities.
The Rails Guides say the following about the two kinds of parameters in a website:
3 Parameters
You will probably want to access data sent in by the user or other
parameters in your controller actions. There are two kinds of
parameters possible in a web application. The first are parameters
that are sent as part of the URL, called query string parameters. The
query string is everything after β€œ?” in the URL. The second type of
parameter is usually referred to as POST data. This information
usually comes from an HTML form which has been filled in by the user.
It’s called POST data because it can only be sent as part of an HTTP
POST request. Rails does not make any distinction between query string
parameters and POST parameters, and both are available in the params
hash in your controller:
It continues a little further down, explaining that the params hash is an instance of HashWithIndifferentAccess, which allows usage of both symbols and strings interchangeably for the keys.
From what I read above, my understanding is that Rails recognizes both parameters (URL & POST) and stores them in the same hash (params).
Can I pass the params hash into a find method in any controller action, or just the create/update actions? I'd also be interested in finding a readable/viewable resource to understand the update_attributes method thats called in a controller's 'update' action.
Please overlook the commented out code, as I am actively searching for answers as well.
Thanks in advance.
Here are the associated files and server log.
Webrick
teams_controller.rb
class TeamsController < ApplicationController
# before_filter :get_university
# before_filter :get_team
def index
#university = University.find(params[:univeristy_id])
#teams = #university.teams
end
def new
#university = University.find(params[:university_id])
#team = #university.teams.build
end
def create
#university = University.find(params[:university_id])
#team = #university.teams.build(params[:team])
if #team.save
redirect_to [#university, #team], success: 'Team created!'
else
render :new, error: 'There was an error processing your team'
end
end
def show
#university = University.find(params[:university_id])
#team = #university.teams.find(params[:id])
end
def edit
#university = University.find(params[:university_id])
#team = #university.teams.find(params[:id])
end
def update
#university = University.find(params[:university_id])
#team = #university.teams.find(params[:id])
if #team.update_attributes(params[:team])
redirect_to([#university, #team], success: 'Team successfully updated')
else
render(:edit, error: 'There was an error updating your team')
end
end
def destroy
#university = University.find(params[:university_id])
#team = #university.teams.find(params[:id])
#team.destroy
redirect_to university_teams_path(#university)
end
private
def get_university
#university = University.find(params[:university_id]) # can't find object without id
end
def get_team
#team = #university.teams.find(params[:id])
end
end
team.rb
class Team < ActiveRecord::Base
attr_accessible :name, :sport_type, :university_id
has_many :home_events, foreign_key: :home_team_id, class_name: 'Event'
has_many :away_events, foreign_key: :away_team_id, class_name: 'Event'
has_many :medias, as: :mediable
belongs_to :university
validates_presence_of :name, :sport_type
# scope :by_university, ->(university_id) { where(team_id: team_id).order(name: name) }
# scope :find_team, -> { Team.find_by id: id }
# scope :by_sport_type, ->(sport_type) { Team.where(sport_type: sport_type) }
# scope :with_university, joins: :teams
# def self.by_university(university_id)
# University.where(id: 1)
# University.joins(:teams).where(teams: { name: name })
# end
def self.by_university
University.where(university_id: university_id).first
end
def self.university_join
University.joins(:teams)
end
def self.by_sport_type(sport_type)
where(sport_type: sport_type)
end
def self.baseball
by_sport_type('Baseball/Softball')
end
end
university.rb
class University < ActiveRecord::Base
attr_accessible :address, :city, :name, :state, :url, :zip
has_many :teams, dependent: :destroy
validates :zip, presence: true, format: { with: /\A\d{5}(-\d+)?\z/ },
length: { minimum: 5 }
validates_presence_of :name, :address, :city, :state, :url
scope :universities, -> { University.order(name: 'ASC') }
# scope :by_teams, ->(university_id) { Team.find_by_university_id(university_id) }
# scope :team_by_university, ->(team_id) { where(team_id: team_id).order(name: name)}
def sport_type
team.sport_type
end
end
views/teams/index.html.erb
Placed in gists for formatting reasons
rake routes output: (in a public gist)
enter link description here
rails console
You're not going to want to have both:
resources :universities #lose this one
resources :universities do
resources :teams
end
As for params... you have to give a param. So, when you go to http://localhost:3000/teams there are no params, by default. If you go to http://localhost:3000/teams/3 then params[:id] = 3 and this will pull up your third team.
Keep in mind the nomenclature of an index. The index action of Teams, is going to list all of the teams. All of them. There is no one University there, so what are you actually trying to find? If anything, you'd have, for your University controller:
def show
#university = University.find(params[:id])
#teams = #university.teams
end
so, the address bar will be showing http://localhost:3000/universities/23, right? params[:id] = 23, then you can find the teams associated with that university.

Passing params to a new template on a failed create action when using accepts_nested_attributes_for

I may just be missing something simple, but I am relatively inexperienced so it is likely. I've searched extensively for a solution without success.
I am using the fields_for function to build a nested form using the accepts_nested_attributes_for function. If the submit on the form fails the params are passed to the render of the new template only for the parent model. How do I pass the nested params for the child model so that fields that have been filled out previously remain filled. Note that I am using simple_form and HAML but I assume this shouldn't impact the solution greatly.
My models:
class Account < ActiveRecord::Base
attr_accessible :name
has_many :users, :dependent => :destroy
accepts_nested_attributes_for :users, :reject_if => proc { |a| a[:email].blank? }, :allow_destroy => true
end
class User < ActiveRecord::Base
attr_accessible :email, :password, :password_confirmation
belongs_to :account
end
My accounts controller:
def new
#account = Account.new
#account.users.build
end
def create
#account = Account.new(params[:account])
if #account.save
flash[:success] = "Welcome."
redirect_to #account
else
#account.users.build
<- I suspect I need something here but unsure what
render :new
end
end
The key part of the accounts/new view:
= simple_form_for #account do |f|
= f.input :name
= f.simple_fields_for :users do |u|
= u.input :email
= u.input :password
= u.input :password_confirmation
= f.button :submit, :value => "Sign up"
My params on a failed save are:
:account {"name"=>"In", "users_attributes"=>{"0"=>{"email"=>"u#e.com", "password"=>"pass", "password_confirmation"=>"pass"}}}
As you can see, the key information, in the users_attributes section, is stored but I can't seem to have the email address default into the new form. Account name on the other hand is filled automatically as per Rails standard. I'm not sure if the solution should live in the accounts controller or in the accounts/new view, and have not had any luck with either.
Answers with .erb are, of course, fine.
I'm fairly new to Ruby and Rails so any assistance would be much appreciated.
The problem lies with attr_accessible, which designates the only attributes allowed for mass assignment.
I feel a bit silly in that I actually stated the problem in a comment last night and failed to notice:
accepts_nested_attributes_for :users will add a users_attributes= writer to the account to update the account's users.
This is true, but with attr_accessible :name, you've precluded every attribute but name being mass-assigned, users_attributes= included. So when you build a new account via Account.new(params[:account]), the users_attributes passed along in params are thrown away.
If you check the log you might note this warning:
WARNING: Can't mass-assign protected attributes: users_attributes
You can solve your original problem by adding :users_attributes to the attr_accessible call in the account class, allowing it to be mass-assigned.
Amazingly, after reading a blog post this evening, and some more trial and error, I worked this out myself.
You need to assign an #user variable in the 'new' action so that the user params are available for use in the 'create' action. You then need to use both the #account and #user variables in the view.
The changes look like this.
Accounts Controller:
def new
#account = Account.new
#user = #account.users.build
end
def create
#account = Account.new(params[:account])
#user = #account.users.build(params[:account][:user]
if #account.save
flash[:success] = "Welcome."
redirect_to #account
else
render :new
end
end
The accounts/new view changes to:
= simple_form_for #account do |f|
= f.input :name
= f.simple_fields_for [#account, #user] do |u|
= u.input :email
= u.input :password
= u.input :password_confirmation
= f.button :submit, :value => "Sign up"
In this case the params remain nested but have the user component explicitly defined:
:account {"name"=>"In", "user"=>{"email"=>"user#example.com", "password"=>"pass", "password_confirmation"=>"pass"}}
It has the additional side effect of removing the #account.users.build from within the else path as #numbers1311407 suggested
I am not certain whether their are other implications of this solution, I will need to work through it in the next few days, but for now I get the information I want defaulted into the view in the case of a failed create action.
#Beerlington and #numbers1311407 I appreciate the help in guiding me to the solution.

Resources