使用build for virtual attribute的UnknownAttributeError

时间:2012-10-31 23:03:55

标签: ruby-on-rails-3 forms associations nested-attributes virtual-attribute

我有一个包含虚拟属性的嵌套表单:card_number和:card_verification。当我尝试在控制器更新操作中使用这些构建时,我得到ActiveRecord :: UnknownAttributeError。

模型有一个简单的has_one关系,其中约会has_one order 

#/models/appointment.rb
class Appointment < ActiveRecord::Base
  has_one :order
  accepts_nested_attributes_for :order

  attr_accessible (...)
end

#/models/order.rb
class Order < ActiveRecord::Base
  belongs_to :appointment

  attr_accessible :email, (...)
  attr_accessor :card_number, :card_verification
end

我正在生成这样的表单:

# /views/appointments/edit.html.erb
<%= form_for @appointment do |f| %>
  ...
  <%= f.fields_for @appointment.order do |builder| %>
    <%= builder.label :email %>
    <%= builder.text_field :email %> # works fine on its own
    ...
    <%= f.label :card_number %>
    <%= f.text_field :card_number %>

    <%= f.label :card_verification %>
    <%= f.text_field :card_verification %>
  <% end %>
  ...
<% end %>

在控制器中构建:

# /controllers/appointments_controller.rb
def update
  @appointment = Appointment.find(params[:id])
  @order = @appointment.build_order(params[:appointment]['order']) # This line is failing

  if @appointment.update_attributes(params[:appointment].except('order'))
    # ... Success
  else
    # ... Failure
  end
end

有了这个,当我尝试使用params提交更新时,我收到错误Can't mass-assign protected attributes: card_number, card_verification

{"utf8"=>"✓",
 "_method"=>"put",
 "authenticity_token"=>"KowchWLNmD9YtPhWhYfrNAOsDfhb7XHW5u4kdZ4MJ4=",
 "appointment"=>{"business_name"=>"Name",
 "contact_method"=>"Phone",
 "contact_id"=>"555-123-4567",
 "order"=>{"email"=>"user@example.com",
 "first_name"=>"John",
 "last_name"=>"Doe",
 "card_number"=>"4111111111111111", # normally [FILTERED]
 "card_verification"=>"123", # normally [FILTERED]
 "card_type"=>"visa",
 "card_expires_on(1i)"=>"2015",
 "card_expires_on(2i)"=>"11",
 "card_expires_on(3i)"=>"1",
 "address_line_1"=>"123 Main St",
 "address_line_2"=>"",
 "city"=>"Anywhere",
 "state"=>"CA",
 "country"=>"USA",
 "postal_code"=>"90210"}},
 "commit"=>"Submit",
 "id"=>"2"}

一切正常,没有:card_number和:表格中包含的card_verification值。

有谁知道这里出了什么问题?

修改

我可以使用:

@order = @appointment.build_order(params[:appointment]['order'].except('card_number', 'card_verification'))

但这看起来有点笨重。有没有其他方法来解决这个问题?

1 个答案:

答案 0 :(得分:1)

错误消息“无法批量分配受保护的属性”完全与质量分配安全性有关。您可以通过without_protection忽略质量分配检查。

@order = @appointment.build_order(params[:appointment]['order'], without_protection: true)

此链接说明什么是质量分配安全性。 Rails Internals: Mass Assignment Security

如果要指定质量可分配的attrs,请使用attr_accessible:one,:another作为模型属性。 如果您需要其他非模型属性,请使用attr_accessor:card_number,然后使用attr_accessible:card_number来声明并公开它。

我看到你在Order模型中定义card_number和card_verfication,但是你使用form_builder =&gt; f在html中定义这两个字段。请尝试使用fields_for构建器。

相关问题
最新问题