looking at your code again, i don’t see the

has_one :profile

declaration. you need this to make the association work, which would explain why the profile_id is failing to be populated.

the important parts are

has_one :profile
accepts_nested_attributes_for :profile
attr_accessible :profile_attributes

# – minus < & > tags for this erb code
f.fields_for :profile do |profile|
profile.text_field :favorite_color %>
end

thanks for the comments… i enjoy them. also, you may want to take a look at AuthLogic. It is the new standard for Rails authentication plugins. http://railscasts.com/episodes/160-authlogic Ryan Bates has a great screencast for setting it up.

Can’t seem to post the script or links, so?

I’ll try to share my code with “pre” tags here. If that fails, I try that pastie solution…

# in models/user.rb
require ‘digest/sha1′

class User :destroy
accepts_nested_attributes_for :profile, :allow_destroy => true

# has_role? simply needs to return true or false whether a user has a role or not.
# It may be a good idea to have “admin” roles return true always
def has_role?(role_in_question)
@_list ||= self.roles.collect(&:name)
return true if @_list.include?(“admin”)
(@_list.include?(role_in_question.to_s) )
end
# —————————————
include Authentication
include Authentication::ByPassword
include Authentication::ByCookieToken
include Authorization::StatefulRoles
# validates_presence_of :login
# validates_length_of :login, :within => 3..40
# validates_uniqueness_of :login
# validates_format_of :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message

validates_format_of :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
validates_length_of :name, :maximum => 100

validates_presence_of :email
validates_length_of :email, :within => 6..100 #r@a.wk
validates_uniqueness_of :email
validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message

#validates_presence_of :company, :address, :country, :company_type, :phone, :fax, :end_product, :end_product_use, :end_product_categories, :end_user_countries, :statement_name, :statement_signature, :statement_title

# HACK HACK HACK — how to do attr_accessible from here?
# prevents a user from submitting a crafted form that bypasses activation
# anything else you want your user to change should be added here.
#attr_accessible :profile_attributes, :profile, :login, :email, :name, :password, :password_confirmation#, :company, :address, :country, :company_type, :phone, :fax, :end_product, :end_product_use, :end_product_categories, :end_user_countries, :statement_name, :statement_signature, :statement_title, :end_use_production_date, :website, :ultimate_consignee_name, :ultimate_consignee_address, :ultimate_consignee_type, :ultimate_consignee_website

# Authenticates a user by their login name and unencrypted password. Returns the user or nil.
#
# uff. this is really an authorization, not authentication routine.
# We really need a Dispatch Chain here or something.
# This will also let us return a human error message.
#
def self.authenticate(email, password)
u = find_in_state :first, :active, :conditions => {:email => email} # need to get the salt
u && u.authenticated?(password) ? u : nil
end

def self.legacy(email, password)
u = LegacyUser.find(:first, :conditions => {:email => email, :password => password})
u ? u : nil
end

def login=(value)
write_attribute :login, (value ? value.downcase : nil)
end

def email=(value)
write_attribute :email, (value ? value.downcase : nil)
end

protected

def make_activation_code
self.deleted_at = nil
self.activation_code = self.class.make_token
end
end

# in models/profile.rb
class Profile < ActiveRecord::Base
belongs_to :user
validates_presence_of :address, :company,
:country, :company_type, :phone,
:statement_name, :statement_signature, :statement_title,
:end_product_use, :end_use_production_date, :end_product_categories

# def accessible_to(user_id)
# if self.user.id == user_id || admin?
# return true
# end
# end

end

# in views/users/_form.html.erb

{:action => ‘create’} do |f| %>

“/profiles/form”, :locals=>{:profile_form => profile_form } %>

#in controllers/users_controller.rb
def new
@user = User.new
@user.build_profile
end

Good blog post though!

use the “pre” tag instead of code… but if you have a lot of code and code that uses < and > characters, it’s easier to use a pastie http://pastie.org and share the link

User Model

require 'digest/sha1'

class User  :destroy
  #accepts_nested_attributes_for :profile, :allow_destroy => true

  # has_role? simply needs to return true or false whether a user has a role or not.
  # It may be a good idea to have "admin" roles return true always
  def has_role?(role_in_question)
    @_list ||= self.roles.collect(&:name)
    return true if @_list.include?("admin")
    (@_list.include?(role_in_question.to_s) )
  end
  # ---------------------------------------
  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken
  include Authorization::StatefulRoles
  # validates_presence_of     :login
  # validates_length_of       :login,    :within => 3..40
  # validates_uniqueness_of   :login
  # validates_format_of       :login,    :with => Authentication.login_regex, :message => Authentication.bad_login_message

  validates_format_of       :name,     :with => Authentication.name_regex,  :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of       :name,     :maximum => 100

  validates_presence_of     :email
  validates_length_of       :email,    :within => 6..100 #r@a.wk
  validates_uniqueness_of   :email
  validates_format_of       :email,    :with => Authentication.email_regex, :message => Authentication.bad_email_message

  #validates_presence_of     :company, :address, :country, :company_type, :phone, :fax, :end_product, :end_product_use, :end_product_categories, :end_user_countries, :statement_name, :statement_signature, :statement_title

  # HACK HACK HACK -- how to do attr_accessible from here?
  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  attr_accessible :profile_attributes, :profile, :login, :email, :name, :password, :password_confirmation#, :company, :address, :country, :company_type, :phone, :fax, :end_product, :end_product_use, :end_product_categories, :end_user_countries, :statement_name, :statement_signature, :statement_title, :end_use_production_date, :website, :ultimate_consignee_name, :ultimate_consignee_address, :ultimate_consignee_type, :ultimate_consignee_website

  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
  #
  # uff.  this is really an authorization, not authentication routine.
  # We really need a Dispatch Chain here or something.
  # This will also let us return a human error message.
  #
  def self.authenticate(email, password)
    u = find_in_state :first, :active, :conditions => {:email => email} # need to get the salt
    u && u.authenticated?(password) ? u : nil

  end

  def self.legacy(email, password)
    u = LegacyUser.find(:first, :conditions => {:email => email, :password => password})
    u ? u : nil
  end

  def login=(value)
    write_attribute :login, (value ? value.downcase : nil)
  end

  def email=(value)
    write_attribute :email, (value ? value.downcase : nil)
  end

  protected

    def make_activation_code
        self.deleted_at = nil
        self.activation_code = self.class.make_token
    end

end

Views/Users/_form.html.erb

User model:

require 'digest/sha1'

class User  :destroy
  #accepts_nested_attributes_for :profile, :allow_destroy => true

  # has_role? simply needs to return true or false whether a user has a role or not.
  # It may be a good idea to have "admin" roles return true always
  def has_role?(role_in_question)
    @_list ||= self.roles.collect(&:name)
    return true if @_list.include?("admin")
    (@_list.include?(role_in_question.to_s) )
  end
  # ---------------------------------------
  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken
  include Authorization::StatefulRoles
  # validates_presence_of     :login
  # validates_length_of       :login,    :within => 3..40
  # validates_uniqueness_of   :login
  # validates_format_of       :login,    :with => Authentication.login_regex, :message => Authentication.bad_login_message

  validates_format_of       :name,     :with => Authentication.name_regex,  :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of       :name,     :maximum => 100

  validates_presence_of     :email
  validates_length_of       :email,    :within => 6..100 #r@a.wk
  validates_uniqueness_of   :email
  validates_format_of       :email,    :with => Authentication.email_regex, :message => Authentication.bad_email_message

  #validates_presence_of     :company, :address, :country, :company_type, :phone, :fax, :end_product, :end_product_use, :end_product_categories, :end_user_countries, :statement_name, :statement_signature, :statement_title

  # HACK HACK HACK -- how to do attr_accessible from here?
  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  attr_accessible :profile_attributes, :profile, :login, :email, :name, :password, :password_confirmation#, :company, :address, :country, :company_type, :phone, :fax, :end_product, :end_product_use, :end_product_categories, :end_user_countries, :statement_name, :statement_signature, :statement_title, :end_use_production_date, :website, :ultimate_consignee_name, :ultimate_consignee_address, :ultimate_consignee_type, :ultimate_consignee_website

  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
  #
  # uff.  this is really an authorization, not authentication routine.
  # We really need a Dispatch Chain here or something.
  # This will also let us return a human error message.
  #
  def self.authenticate(email, password)
    u = find_in_state :first, :active, :conditions => {:email => email} # need to get the salt
    u && u.authenticated?(password) ? u : nil

  end

  def self.legacy(email, password)
    u = LegacyUser.find(:first, :conditions => {:email => email, :password => password})
    u ? u : nil
  end

  def login=(value)
    write_attribute :login, (value ? value.downcase : nil)
  end

  def email=(value)
    write_attribute :email, (value ? value.downcase : nil)
  end

  protected

    def make_activation_code
        self.deleted_at = nil
        self.activation_code = self.class.make_token
    end

end

Profile Model:

class Profile < ActiveRecord::Base
  belongs_to :user
end

Views/Users/_form.html.erb

  # HACK HACK HACK -- how to do attr_accessible from here?
  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  attr_accessible :login, :email, :name, :password, :password_confirmation

Try adding :profile to the attr_accessible list or… commenting out the attr_accessible line altogether. You can use attr_protected instead and explicitly list attributes unavailable for mas assignment. A blacklist as opposed to a whitelist approach to protecting your model attributes.