• Registered: 2007-12-09
  • Posts: 13

Topic: Updating Users with Restful Authentication?

Hi everyone,

I'm a bit new to rails but I'd really appreciate some help with this. I have the Restful_Authentication plugin administering accounts on my rails app. I wanted to take the usual username/email/password at signup but also allow users to update their details later with things like location, website, image url etc.

I tried to do this by adding to the Users table in the database and using a simple update form like the one below to alter the details but for some reason it's not updating the attributes of the user. It redirects back to the index page as if it has all worked but it hasn't.

I'd really appreciate knowing why this isn't working as I'm all out of ideas now. If anyone can help I'd really appreciate it.

-------------------------------------------------------------------

The Users_Controller added:
  def edit
    @user = User.find(params[:id])
  end
  
  def update_profile
    @u = User.find(params[:id])
    @u.update_attributes(params[:user])
    redirect_back_or_default('/sample')
  end

-------------------------------------------------------------------

And in application.rhtml:

<%if logged_in? %>
<% @user = User.find_by_login(current_user.login) %>
Logged in as <%= current_user.login %> with an ID number of <%= @user.id %>
<%= link_to("logout", :controller => 'logout')%>, <%= link_to("edit", :controller => 'Users', :action => 'edit', :id => @user.id) %>
<% end %>

--------------------------------------------------------------------

Edit.rhtml looks like:

<%if logged_in? %>
<% form_for :user, @user,
  :url => { :action => :update_profile, :id => @user.id } do |s| %>
  
  <p>
  Username: <%= @user.login %>
  </p>
  <p>
  location: <%= @user.location %><br />
  <%= s.text_field :location %>
</p>
<p>
  occupation:<br />
  <%= s.text_field :occupation %>
</p>
<p>
  website:<br />
  <%= s.text_field :weburl %>
</p>
<p>
  <%= submit_tag %>
</p>
<% end %>
<% end %>

--------------------------------------------------------------------

I also added this to routes.rb:

map.edit_profile '/edit_profile', :controller => 'users', :action => 'edit'

Thanks!

  • Registered: 2007-08-30
  • Posts: 785

Re: Updating Users with Restful Authentication?

It's probably because of the restrictions on the User model (attr_accessible or attr_protected, in particular). But allowing users access to any part of the User model via mass assignment is dangerous. That's why many people create a separate Profile model and link it via a 1:1 (belongs_to, has_one) relationship.