在Rails 3项目中对我的控制器代码运行功能测试时,我有一个致命的错误; params变量包含controller和action,ActiveModel对此不满意:
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: controller, action
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security.rb:228:in `sanitize_for_mass_assignment'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.2.1/lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.2.1/lib/active_record/base.rb:495:in `initialize'
/Users/phooze/Documents/rails-app/app/controllers/credentials_controller.rb:40:in `new'
应用程序调用是“新”方法(发生错误的地方),代码是:
# Credential#create (POST)
def create
@credential = Credential.new(params)
# ... controller continues
end
最后,我的测试用例:
test "should create credential" do
assert_difference('Credential.count', 1) do
post :create, { :fid => "foobarbaz", :credentials_hash => "f00ba7f00ba7", :uid => "10023", :cid => "342" }
end
assert_response :created
end
将我的控制器代码更改为仅包含fid,credentials_hash,uid和cid的“单独”参数哈希使其工作。我很确定Rails试图“很好”并为我提供测试的附加值,但它似乎会导致问题。
有关如何解决此问题的任何建议?
答案 0 :(得分:2)
您似乎设置了config.active_record.mass_assignment_sanitizer = :strict
仅在您的测试环境中,但不在开发或生产中,因为params在任何环境中始终包含controller和action。
我认为此处的最佳做法建议是始终使用form_for,以便您在[{1}}中拥有自己的凭据,或者确实使用params[:credential]。