Home/ Questions/Q 8593915
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T00:05:40+00:00

I have a User model with a has_one :image relationship to an Image model

  • 0

I have a User model with a has_one :image relationship to an Image model. I want each user to have a photo but I want the photos to be stored in a model separate from the User model, namely the Image model.
I am using paperclip to help with adding an image.
However when I try to create a new user through my view I get the following error:

ActiveModel::MassAssignmentSecurity::Error in UsersController#create
Can't mass-assign protected attributes: image_attributes

I don’t have a image_attributes variable. Why is this happening? Is my implementation flawed? I want a separate table to hold the images, because in the future I wish users to have many images.

<% provide(:title, 'Sign up') %>
<h1>Sign up</h1>

<%= form_for @user do |f| %>

<%= render 'shared/error_messages' %>

      <%= f.label :first_name %>
      <%= f.text_field :first_name %>
<br>
      <%= f.label :last_name %>
      <%= f.text_field :last_name %>
<br>
      <%= f.label :email %>
      <%= f.text_field :email %>
<br>

<%= f.fields_for :image, :html => {:multipart => true} do |asset| %>
      <%= asset.label :photo %>
      <%= asset.file_field :photo %>
  <% end %>


<br>
      <%= f.label :password %>
      <%= f.password_field :password %>
<br>
      <%= f.label :password_confirmation, "Confirmation" %>
      <%= f.password_field :password_confirmation %>
<br>
      <%= f.submit "Create my account"%>
    <% end %>

User Controller

  class UsersController < ApplicationController

  #calls method signed_in_users.
  before_filter :signed_in_user, only: [:index, :edit, :update, :show]
  #ensures only the correct user can modify their own data
  before_filter :correct_user,   only: [:edit, :update]


  def new
    @user = User.new
    #@user.image.build
    @user.build_image

  end

  def show # personal profile page

    #Method to make sure only the signed in user can edit their information
    if User.id_equals_cookie(params[:id], cookies[:remember_token])
      @user = User.find(params[:id])
    else
      redirect_to root_url
    end
  end

  def create
    @user = User.new(params[:user])
    if @user.save
      sign_in @user #method defined in sessions_helper
      flash[:notice] = "Thank you for signing up." #the view template must be configured to be seen.
      redirect_to @user #does user_path work???
    else
      render 'new' #flash[:warning]
    end
  end

  def edit
  end

  def update
    @user = User.find(params[:id])
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end

  def index

  end


  private

  #should this be in the users_helper.rb file
    def signed_in_user
      redirect_to signin_url, notice: "Please sign in." unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user) #current_user is defined in the sessions_helper.rb
    end

end

User Model

# == Schema Information
#
# Table name: users
#
#  id              :integer          not null, primary key
#  email           :string(255)
#  created_at      :datetime         not null
#  updated_at      :datetime         not null
#  password_digest :string(255)
#  remember_token  :string(255)
#  first_name      :string(255)
#  last_name       :string(255)
#  full_name       :string(255)
#  birthdate       :date
#

class User < ActiveRecord::Base
  has_one :image, :dependent => :destroy #images?
  accepts_nested_attributes_for :image #images?
  attr_accessible :email, :first_name, :last_name, :full_name, :birthdate, :password, :password_confirmation

  #magic to require a password, make sure passwords match, authenticate
  has_secure_password

  before_save { |user| user.email = email.downcase } #help ensure uniqueness
  before_save :create_remember_token

  #validates :name,  presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: {case_sensitive: false}
  validates :password, presence: true, length: { minimum: 6 }
  validates :password_confirmation, presence: true


  def self.id_equals_cookie(id, cookie)
    @user_of_cookie = find_by_remember_token(cookie)
    @user_of_id = find(id)    
    if @user_of_cookie == nil
      false
    elsif @user_of_id == @user_of_cookie
      true
    else
      false
    end
  end

  private

    def create_remember_token
      self.remember_token = SecureRandom.urlsafe_base64
    end
end

Image Model

# == Schema Information
#
# Table name: images
#
#  id                 :integer          not null, primary key
#  created_at         :datetime         not null
#  updated_at         :datetime         not null
#  photo_file_name    :string(255)
#  photo_content_type :string(255)
#  photo_file_size    :integer
#  photo_updated_at   :datetime
#  user_id            :integer
#


require 'paperclip'
class Image < ActiveRecord::Base
  belongs_to :user
  has_attached_file :photo
  attr_accessible :photo, :photo_file_name, :photo_content_type, :photo_file_size, :photo_updated_at

end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    write this in your model

    attr_accessible :image_attributes
    • 0