Untitled

a guest
Jun 3rd, 2018
## Problem: When I edit a user and either give or take away administrator status (boolean in table) and click save, it says that it is successfully saved, but in reality fails to update the row in the table.
Console gives the following warning:
WARNING: Can't mass-assign these protected attributes: administrator

## edit.html.erb
```erb
<%# The checkbox is only rendered for administrators %>
<% if logged_in? && current_user.administrator? %>
  <p><label for="user_administrator">Administrator</label><br />
  <%= f.check_box :administrator %></p>
<% end %>
```

## user_controller.rb
```ruby
def update
  @user = User.find(params[:id])

  respond_to do |format|
    # update_attributes mass-assigns params[:user]. Keys not listed in
    # attr_accessible (see user.rb) are skipped with the warning above,
    # and the call still returns true.
    if @user.update_attributes(params[:user])
      flash[:notice] = 'User was successfully updated.'
      format.html { redirect_to(@user) }
      format.xml  { head :ok }
    else
      format.html { render :action => "edit" }
      format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
    end
  end
end
```

## Migration to add the administrator column
```ruby
class AddAdministratorColumnToUser < ActiveRecord::Migration
  def self.up
    add_column :users, :administrator, :boolean, :default => false
  end

  def self.down
    remove_column :users, :administrator
  end
end
```

## user.rb
```ruby
require 'digest/sha1'
class User < ActiveRecord::Base
  # Virtual attribute for the unencrypted password
  attr_accessor :password

  validates_presence_of     :login, :email
  validates_presence_of     :password,                   :if => :password_required?
  validates_presence_of     :password_confirmation,      :if => :password_required?
  validates_length_of       :password, :within => 4..40, :if => :password_required?
  validates_confirmation_of :password,                   :if => :password_required?
  validates_length_of       :login,    :within => 3..40
  validates_length_of       :email,    :within => 3..100
  validates_uniqueness_of   :login, :email, :case_sensitive => false
  before_save :encrypt_password

  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  attr_accessible :login, :email, :password, :password_confirmation

  # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  def self.authenticate(login, password)
    u = find_by_login(login) # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  # Encrypts some data with the salt.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Encrypts the password with the user salt
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  def authenticated?(password)
    crypted_password == encrypt(password)
  end

  def remember_token?
    remember_token_expires_at && Time.now.utc < remember_token_expires_at
  end

  # These create and unset the fields required for remembering users between browser closes
  def remember_me
    remember_me_for 2.weeks
  end

  def remember_me_for(time)
    remember_me_until time.from_now.utc
  end

  def remember_me_until(time)
    self.remember_token_expires_at = time
    self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
    save(false)
  end

  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token = nil
    save(false)
  end

  # Returns true if the user has just been activated.
  def recently_activated?
    @activated
  end

  protected

  # before filter
  def encrypt_password
    return if password.blank?
    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
    self.crypted_password = encrypt(password)
  end

  def password_required?
    crypted_password.blank? || !password.blank?
  end
end
```
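
The warning in the paste is `attr_accessible` doing its job: `administrator` is not whitelisted, so mass assignment drops it while the update still reports success. The block below is an added example, not part of the original paste and not Rails itself: a plain-Ruby model of that behaviour, with hypothetical names `MiniUser` and `apply_update`, showing the flag set by explicit assignment behind an administrator check instead of being added to the whitelist, where any crafted form could set it.

```ruby
# Plain-Ruby model of the behaviour in the paste (not Rails itself).
# MiniUser and apply_update are hypothetical names for this example.
class MiniUser
  ACCESSIBLE = %w[login email password password_confirmation].freeze
  attr_reader :attrs, :warnings

  def initialize(attrs = {})
    @attrs = { 'administrator' => false }.merge(attrs)
    @warnings = []
  end

  def administrator?
    @attrs['administrator'] == true
  end

  # Mirrors update_attributes with attr_accessible: protected keys are
  # dropped with a warning, the rest are saved, and the call returns true.
  def update_attributes(params)
    params = (params || {}).map { |k, v| [k.to_s, v] }.to_h
    dropped = params.keys - ACCESSIBLE
    unless dropped.empty?
      @warnings << "Can't mass-assign these protected attributes: #{dropped.join(', ')}"
    end
    @attrs.merge!(params.reject { |k, _| dropped.include?(k) })
    true
  end

  # Explicit, single-attribute assignment bypasses the whitelist on purpose.
  # A Rails check_box submits '1' when ticked and '0' when not.
  def administrator=(value)
    @attrs['administrator'] = ['1', 1, true, 'true'].include?(value)
  end
end

# Controller-side logic: pull the flag out of the form params, mass-assign
# the rest, and set the flag only when the *acting* user is an administrator.
def apply_update(current_user, user, form_params)
  params = (form_params || {}).map { |k, v| [k.to_s, v] }.to_h
  admin_flag = params.delete('administrator')
  ok = user.update_attributes(params)
  if ok && !admin_flag.nil? && current_user && current_user.administrator?
    user.administrator = admin_flag
  end
  ok
end
```

In the paste's controller the equivalent would be to remove `:administrator` from `params[:user]` before `update_attributes` and assign `@user.administrator` separately inside the `current_user.administrator?` check, since the view-side `if` alone does not stop a hand-built request.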