So, I'm trying to implement simple role based authentication system using Rails and I'm having a problem with final step - changing roles.
role is attribute in
user table and it has a
Idea is that some users with some privilages have ability to change roles.
view looks like this:
<%= f.label :role, 'Role' %>
<%= f.collection_select :role, User::ROLES, :to_s, :humanize,
prompt: 'Select role' %>
update method in
users_controller looks like this:
@user = User.find(params[:id])
if @user.update(update_params) #update_params is method that returns permitted parameters
Problem is that
user[role] is empty after submitting a form.
Everything is pretty much made "by the book". Also, I am using Cancan but it's turned off for
load_and_authorize_resource :except => [:update, :edit].
So, I've found a solution. Since I'm using CanCan and
user_params method so CanCan itself can set permitted parameters, my
update_params method is ignored.
Solution is to add