WARNING: Can't mass-assign protected attributes

Question

When doing a post to /:username/about I'm getting "WARNING: Can't mass-assign protected attributes: about".

class About < ActiveRecord::Base
  belongs_to :user
  accepts_nested_attributes_for :user
  attr_accessible :user_id, :sexuality, :relationship_status, :living_with, :religion, :web, :languages 
  attr_accessible :appearance_ethnicity, :appearance_height, :appearance_weight, :appearance_hair, :appearance_piercings, :appearance_tattoo, :appearance_eyes_color
  attr_accessible :interest_list, :music_list, :movie_list, :book_list, :tv_list
  validates_presence_of :user_id
end

class User < ActiveRecord::Base
  ...
  accepts_nested_attributes_for :about
end

class AboutsController < ApplicationController
  def update 
    @user = User.first(:conditions => ["lower(username) = ?", params[:username].downcase]) if true
    @about = @user.about
    if @about.update_attributes(params[:about])
      flash[:notice] = "Successfully updated post."
      respond_with(@about, :location => about_path(@about.user.username))
    else
      redirect_to :edit
    end
  end 
end

And I'm getting

 Started POST "/heaven/about" for 127.0.0.1 at Tue Mar 01 02:57:08 -0200 2011
 Processing by AboutsController#update as HTML
 Parameters: {"commit"=>"Update Profile", "authenticity_token"=>"7/Xcv0z07A3JvsTiDlapoghi25sIjgiFfhN33hFWfoU=", "utf8"=>"✓", "username"=>"roses", "about"=>{"about"=>{"sexuality"=>"not_specified", "book_list"=>"", "relationship_status"=>"not_specified", "appearance_eyes_color"=>"not_specified", "music_list"=>"", "appearance_height"=>"", "living_with"=>"not_specified", "movie_list"=>"", "tv_list"=>"", "appearance_hair"=>"not_specified", "religion"=>"not_specified", "web"=>"", "interest_list"=>"", "appearance_weight"=>"", "appearance_piercings"=>"", "appearance_tattoo"=>""}}}
 WHERE type = 'table' AND NOT name = 'sqlite_sequence'
  User Load (0.8ms)  SELECT "users".* FROM "users" WHERE (lower(username) = 'heaven') LIMIT 1
  About Load (0.5ms)  SELECT "abouts".* FROM "abouts" WHERE ("abouts".user_id = 2) LIMIT 1
WARNING: Can't mass-assign protected attributes: about
CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE ("users"."id" = 2) LIMIT 1
Redirected to http://localhost:3000/heaven/about
Completed 302 Found in 832ms

Thanks.

Answer 1

You need to set attr_accessible :about_attributes.

Answer 2

Make sure all the fields which you are trying to update in the about model mentioned in the attr_accessible within the About model.

Answer 3

The problem is with the extra about in the parameter: "about"=>{"about"=>{"sexuality"....

You probably have something like this in your form:

<%= form_for @about do |f| %>
  <%= f.fields_for @about do |a| %>
     <%= a.text_field :sexuality %>
     ...
  <% end %>
<% end %>

The fields_for block causes the extra about in the parameters. Just remove it and you should be good to go.

Answer 4

This happened to me because I added a column via a migration after the generator had created the model. So if you add a column, edit the model.