ruby-on-rails - Rails 5 - 禁止的属性
问题描述
当我将所有属性添加到必要的函数并在正确的位置引用它(据我所知)时,Rails 在尝试创建时抛出错误。可以成功更新。不幸的是,它发生在多个控制器上。我认为问题对所有人来说都是一样的。
这是升级到 rails 5(之前是 rails 2)的一部分。Ruby 版本:2.6.3
创建函数:
def create
@shipment_method = ShipmentMethod.new(shipment_methods_params)
respond_to do |format|
if @shipment_method.save
format.html { redirect_to shipment_methods_url, notice: 'Shipment method was successfully created.' }
format.json { render json: @shipment_method, status: :created, location: @shipment_method }
else
format.html { render action: "new" }
format.json { render json: @shipment_method.errors, status: :unprocessable_entity }
end
end
end
参数功能:
def shipment_methods_params
params.require(:shipment_method).permit(:name, :description, :shipping_url, :active, :supports_tracking, :requires_phone)
end
请求参数:
Request parameters
{"utf8"=>"✓", "authenticity_token"=>"KjPFsCA5xwgeIx4U3eOH4sA1IuYY5FSw6kvK16XyyKarEzlxSi6N04LFBdsJHWyIwt+ujv6gz9D+flYBeJ+pWA==", "shipment_method"=>{"name"=>"1", "description"=>"1", "shipping_url"=>"1", "active"=>"0", "supports_tracking"=>"0", "requires_phone"=>"0"}, "commit"=>"Create Shipment method", "controller"=>"shipment_methods", "action"=>"create"}
请求的服务器日志:
Processing by ShipmentMethodsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"KjPFsCA5xwgeIx4U3eOH4sA1IuYY5FSw6kvK16XyyKarEzlxSi6N04LFBdsJHWyIwt+ujv6gz9D+flYBeJ+pWA==", "shipment_method"=>{"name"=>"1", "description"=>"1", "shipping_url"=>"1", "active"=>"0", "supports_tracking"=>"0", "requires_phone"=>"0"}, "commit"=>"Create Shipment method"}
User Load (0.6ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 5 ORDER BY `users`.`id` ASC LIMIT 1
Completed 500 Internal Server Error in 4ms (ActiveRecord: 0.6ms)
ActiveModel::ForbiddenAttributesError - ActiveModel::ForbiddenAttributesError:
全班:
class ShipmentMethod < ActiveRecord::Base
# public :description, :active, :name, :requires_phone, :supports_tracking, :shipping_url
## Associations
has_many :shipments
## Validations
validates :name, presence: true, uniqueness: true
## Scopes
default_scope -> {order(:name)}
scope :active, -> {where("active = 1")}
end
解决方案
如果您的控制器中有一个load_and_authorize_resource
before 操作,那么正在发生的事情是该方法正在获取您的参数并尝试在它到达该方法之前创建一个实例。因此它会忽略您创建的强参数。
所以,当然,它永远不会到达方法和 BAM——可怕的FAE。
一种补救措施是调整之前的操作......
load_and_authorize_resource :shipment_method, except: [:create]
authorize_resource :shipment_method, only: [:create]
但这很乏味。
另一种是将您的强参数方法的名称更改为shipment_method_params
...
def shipment_method_params
params.require(:shipment_method).permit(:name, :description, :shipping_url, :active, :supports_tracking, :requires_phone)
end
因为,Rails 及其对约定的热爱。如果您对这些操作有不同的参数,create_params
您也可以单独制作。update_params
推荐阅读
- php - 如何在codeigniter 4中使用表别名?
- kubernetes - 我的 Pod 没有出现在普罗米修斯目标中
- spacy - 尝试在 Jupiter Notebook 中使用 BERT 模型时出错
- reactjs - 将一个反应组件一分为二
- winapi - 在 IFrameworkView 中未调用 Suspending()、Resuming()、Closed() 和 Uninitialize()
- tensorflow - 在 TensorFlow Federated 中使用 update_struct 函数时出错
- ruby-on-rails-4 - Sidetiq::Supervisor:Class 的未定义方法“池”
- java - dbutils.fs.ls 在过滤器中返回 FileNotFoundException 异常
- kotlin - 在新安装的 IntelliJ IDEA 中使用默认设置创建新的 Kotlin 项目时,Gradle 同步失败
- google-sheets - 谷歌表格下拉更改自动基于单元格值