Users controller from restful_authentication, with the addition of `params[:user][:role_ids] ||= []` for the role_requirement plugin.

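class UsersController < ApplicationController
  before_filter :login_required
  # require_role :admin

  # Build an empty user for the signup form.
  def new
    @user = User.new
  end

  # Create a user from params[:user].
  #
  # role_ids is mass-assignable on User (attr_accessible :role_ids), so
  # whatever arrives in params[:user][:role_ids] becomes the new account's
  # roles. Only an admin (role_requirement's User#has_role?) may choose
  # them; for anyone else the key is dropped before mass assignment so the
  # account starts with no roles. The ||= [] is kept for admins, presumably
  # because a form with no box checked sends no role_ids key at all.
  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with
    # request forgery protection.
    # uncomment at your own risk
    # reset_session
    params[:user] ||= {}
    if current_user.has_role?('admin')
      params[:user][:role_ids] ||= []
    else
      params[:user].delete(:role_ids)
    end
    @user = User.new(params[:user])
    # save returns false when validation fails, same signal as errors.empty?
    if @user.save
      # NOTE(review): this logs the creator in as the new account, which is
      # the self-signup flow; confirm that is still wanted now that
      # login_required applies to this action.
      self.current_user = @user
      redirect_back_or_default('/')
      flash[:notice] = "Thanks for signing up!"
    else
      render :action => 'new'
    end
  end
end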

new users view

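<%= error_messages_for :user %>

<% form_for(@user) do |f| -%>


<%= f.text_field :login %>


<%= f.text_field :email %>


<%= f.password_field :password %>


<%= f.password_field :password_confirmation %>

    <%# One checkbox per role, checked when @user already holds it. The boxes
        are named user[role_ids][], so they are submitted inside params[:user]
        and reach UsersController#create as part of the mass-assigned hash.
        each is used instead of for so `role` does not leak into the
        template's scope. %>
    <% Role.find(:all, :order => :name).each do |role| %>
  • <%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= role.name %>
  • <% end %>

<%= submit_tag 'Sign up' %>

<% end -%>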

Sessions (edit user) controller from restful_authentication, with the addition of `params[:user][:role_ids] ||= []` for the role_requirement plugin on the update action.

# This controller handles the login/logout function of the site.  
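class SessionsController < ApplicationController
  before_filter :login_required, :except => [:new, :create]

  # render new.rhtml
  def new
  end

  # Log in with params[:login]/params[:password]; when remember_me is "1"
  # also set the auth_token cookie from the user's remember token.
  def create
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        current_user.remember_me unless current_user.remember_token?
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      end
      redirect_back_or_default('/')
      flash[:notice] = "Logged in successfully"
    else
      flash[:error] = "Incorrect username and/or password"
      render :action => 'new'
    end
  end

  # Forget the remember token, drop the cookie and the whole session.
  def destroy
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end

  # Edit form for the current user only: the :conditions clause turns any
  # other :id into a RecordNotFound.
  def edit
    @user = User.find(params[:id], :conditions => ["id = ?", current_user.id])
  end

  # Apply params[:user] to the current user.
  #
  # The lookup is scoped to current_user exactly like #edit, so a forged :id
  # cannot modify another account. role_ids is mass-assignable on User, so it
  # is dropped unless the caller is an admin (role_requirement's
  # User#has_role?); for admins the ||= [] keeps "no box checked" meaning
  # "no roles" rather than "leave roles untouched".
  def update
    params[:user] ||= {}
    if current_user.has_role?('admin')
      params[:user][:role_ids] ||= []
    else
      params[:user].delete(:role_ids)
    end
    @user = User.find(params[:id], :conditions => ["id = ?", current_user.id])
    if @user.update_attributes(params[:user])
      flash[:notice] = "User was successfully updated."
    else
      flash[:error] = 'Unsuccessful. Try again.'
    end
    # both outcomes return to the edit form
    redirect_to :action => 'edit', :id => @user
  end

  # Change the current user's password (POST only).
  #
  # The old password must verify against the stored one
  # (restful_authentication's User#authenticated?) and the new one must be
  # non-blank and equal to its confirmation; otherwise an error is flashed
  # and nothing is saved. @old_password is kept so the form can re-fill it.
  def change_password
    @user = User.find(params[:id], :conditions => ["id = ?", current_user.id])

    return unless request.post?
    @old_password = params[:old_password]
    if !current_user.authenticated?(params[:old_password])
      flash[:error] = "Old password is incorrect. Try again."
    elsif params[:password].blank? || params[:password] != params[:password_confirmation]
      # a blank password would otherwise "match" a blank confirmation
      flash[:error] = "Password mismatch. Try again."
    else
      current_user.password_confirmation = params[:password_confirmation]
      current_user.password = params[:password]
      flash[:notice] = current_user.save ? "Password changed" : "Password not changed. Try again."
    end
  end
end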

sessions edit view

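<%= error_messages_for 'user' %>
<% form_tag(:action => 'update', :id => @user) do %>


<%= text_field 'user', 'login' %>


<%= text_field 'user', 'email' %>

    <%# One checkbox per role, checked when @user already holds it. The boxes
        are named user[role_ids][], so they arrive in params[:user] and are
        mass-assigned by SessionsController#update. each is used instead of
        for so `role` does not leak into the template's scope. %>
    <% Role.find(:all, :order => :name).each do |role| %>
  • <%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%= role.name %>
  • <% end %>

<%= submit_tag 'Edit' %>

<% end %>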

user.rb model

class User < ActiveRecord::Base
  # needed this to fix Can't mass assign these protected attributes: role_ids
  #
  # Whitelisting role_ids means every User.new(params[:user]) and
  # update_attributes(params[:user]) in the controllers sets the user's roles
  # from whatever the request sends. Each such call site has to strip or
  # authorise role_ids before mass assignment, otherwise a user can pick
  # their own roles (including admin) by submitting user[role_ids][].
  attr_accessible :role_ids

end