ActiveModel :: MassAssignmentSecurity ::错误:无法批量分配受保护的属性:

时间:2012-04-16 23:58:08

标签: ruby-on-rails-3 activerecord

我正在关注Lynda.com的Ruby on Rail 3 Essential Training教程。我很难创建一个Active Record Entry。这是我在控制台中遇到的错误。

1.9.3p125 :007 > user = User.new(:first_name => "Mike", :last_name => "Jones")
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: first_name, last_name
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security.rb:230:in `sanitize_for_mass_assignment'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activerecord-3.2.3/lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activerecord-3.2.3/lib/active_record/base.rb:498:in `initialize'
    from (irb):7:in `new'
    from (irb):7
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/railties-3.2.3/lib/rails/commands/console.rb:47:in `start'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/railties-3.2.3/lib/rails/commands/console.rb:8:in `start'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/railties-3.2.3/lib/rails/commands.rb:41:in `<top (required)>'
    from script/rails:6:in `require'
    from script/rails:6:in `<main>`

这就是我的模型中的内容:

class User < ActiveRecord::Base
  attr_accessible :first_name, :last_name
end

我做错了什么。我有轨道3.2.3

6 个答案:

答案 0 :(得分:10)

据我所知,lynda课程是在rails3和rails 3.2.3上开发的,默认情况下没有质量分配。你必须去模型并添加attr_accessible:name,:position,:visible。基本上你必须添加你想要批量分配的每个属性。

答案 1 :(得分:4)

尝试重新启动控制台。如果在启动控制台后为用户创建了模型,则应重新启动它。

答案 2 :(得分:2)

没有任何预防措施批量分配允许攻击者设置任何数据库列的值,因此默认情况下已禁用。 

def signup
  params[:user] # => {:name => “ow3ned”, :admin => true}
  @user = User.new(params[:user])
end

详细说明位于Ruby On Rails Security Guide

答案 3 :(得分:2)

我刚刚将attr_accessible:first_name,:last_name,:username行添加到models文件中。 这对我有用。

答案 4 :(得分:2)

我也跟随Lynda.com的Ruby on Rail 3 Essential Training教程,如果有人遇到同样的问题,这对我有用,

关闭安全设置。打开config / application.rb并将config.active_record.whitelist_attributes更改为false而不是true。这使您的应用程序不那么安全,但允许您快速推进本教程。 这来自:http://www.lynda.com/Ruby-on-Rails-3-tutorials/essential-training/55960-2/faqs

答案 5 :(得分:0)

确保将attr_accessible :first_name, :last_name放在用户模型中,而不是放在控制器中。

相关问题
最新问题