Can't mass-assign protected attributes devise error when using nested form

Question

I have searched for quite a long, but could not found the solution. Here are my models:

web.rb

class Web < ActiveRecord::Base
   devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable, :validatable

  attr_accessible :email, :password, :password_confirmation, :user_type, :remember_me

  belongs_to :role, :polymorphic => true
end

user.rb

class User < ActiveRecord::Base
 has_one :web, :as => :role
 attr_accessible :dob, :fname, :lname
end

org.rb

class Org < ActiveRecord::Base
  has_one :web, :as => :role
  attr_accessible :name, :website
end

Everything seems fine until i use the simple_form_for instead of normal form_for in the devise/registration/new.html.erb

<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :class => 'form-horizontal' }) do |f| %>

  <%= f.input :email, label: false, :input_html => { :class => "span6", placeholder: "Email", type: "email", required: true}%>

  <%= f.input :password, label: false, :input_html => { :class => "span6", placeholder: "Password", type: "password" }%>

  <%= f.input :password_confirmation, label: false, :input_html => { :class => "span6", placeholder: "Re-enter Password", type: "password" }%>

  <%= f.input :user_type, as: :hidden, :input_html => { :value => user_type} %>

  <%= f.simple_fields_for resource.role do |rf| %>
    <%= render :partial => "#{child_class_name.underscore}_fields", :locals => { :f => rf } %>
  <% end %>
  <%= f.submit "Sign up" %>
<% end %>

The nesting part puts the partial with appropriate model_fields name which contains corresponding fields.

*_org_fields.html.erb*

<%= f.text_field :name, :class=>"span6", :type=>"text", :placeholder=>"Name", :required=>"" %><br />
<%= f.text_field :website, :class=>"span6", :type=>"text", :placeholder=>"Website", :required=>"" %>

The problem is with the f.simple_fields_for, if i remove simple_ everything works fine. But i don't want it to be removed. The error i encounter is:

 ActiveModel::MassAssignmentSecurity::Error in Devise::RegistrationsController#create

 Can't mass-assign protected attributes: org

The request parameters are:

{"utf8"=>"✓",
 "authenticity_token"=>"NnsyNdrrKJmd8QutqVs6HqZi0EnQmAmZF7zGYqnu+rI=",
 "web"=>{"email"=>"",
 "password"=>"[FILTERED]",
 "password_confirmation"=>"[FILTERED]",
 "user_type"=>"org",
 "org"=>{"name"=>"",
 "website"=>""}},
 "commit"=>"Sign up"}

Please Help.

Answer 1

In Web, add:

attr_accessible :role_attributes
accepts_nested_attributes_for :role

Edit: Originally had it as User but Devise resource is Web.

Edit2: Missed the as: :role. Changed the attr values to reflect.