您好我正在一个可以投票购买产品的应用程序中工作,而且从我的投票视图的新操作中我得到了这个错误:
ActiveModel :: MassAssignmentSecurity :: VotesController中的错误#create
无法批量分配受保护的属性:product,user
我在rails控制台上进行了测试,但它确实有效。所以我不知道它到底发生了什么。
以下是模型:
class Product < ActiveRecord::Base
attr_accessible :title
has_many :votes
has_many :users, :through => :votes
has_attached_file :photo, :styles => { :medium => "300x300" }
before_save { |product| product.title = title.titlecase }
validates :title, presence: true, uniqueness: { case_sensitive: false }
validates :photo, :attachment_presence => true
end
class User < ActiveRecord::Base
has_many :votes
has_many :products, :through => :votes
def self.from_omniauth(auth)
where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.oauth_token = auth.credentials.token
user.oauth_expires_at = Time.at(auth.credentials.expires_at)
user.save!
end
end
end
class Vote < ActiveRecord::Base
attr_accessible :product_id, :user_id
belongs_to :product
belongs_to :user
end
这是投票控制器
class VotesController < ApplicationController
# GET /votes
# GET /votes.json
def index
@votes = Vote.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: @votes }
end
end
# GET /votes/1
# GET /votes/1.json
def show
@vote = Vote.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @vote }
end
end
# GET /votes/new
# GET /votes/new.json
def new
@vote = Vote.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @vote }
end
end
# GET /votes/1/edit
def edit
@vote = Vote.find(params[:id])
end
# POST /votes
# POST /votes.json
def create
@vote = Vote.new(params[:vote])
respond_to do |format|
if @vote.save
format.html { redirect_to @vote, notice: 'Vote was successfully created.' }
format.json { render json: @vote, status: :created, location: @vote }
else
format.html { render action: "new" }
format.json { render json: @vote.errors, status: :unprocessable_entity }
end
end
end
# PUT /votes/1
# PUT /votes/1.json
def update
@vote = Vote.find(params[:id])
respond_to do |format|
if @vote.update_attributes(params[:vote])
format.html { redirect_to @vote, notice: 'Vote was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @vote.errors, status: :unprocessable_entity }
end
end
end
# DELETE /votes/1
# DELETE /votes/1.json
def destroy
@vote = Vote.find(params[:id])
@vote.destroy
respond_to do |format|
format.html { redirect_to votes_url }
format.json { head :no_content }
end
end
end
这是新的投票视图
<%= form_for(@vote) do |f| %>
<% if @vote.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(@vote.errors.count, "error") %> prohibited this vote from being saved:</h2>
<ul>
<% @vote.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :product %><br />
<%= f.text_field :product %>
</div>
<div class="field">
<%= f.label :user %><br />
<%= f.text_field :user %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
我真的需要你的帮助来解决这个问题,很难找到一个带有has_many的教程:通过包括完整的MVC示例,我认为我的问题在视图上,但我不知道。< / p>
谢谢!
答案 0 :(得分:1)
如果仔细观察,该错误消息会告诉您需要知道的一切。
ActiveModel::MassAssignmentSecurity::Error in VotesController#create
Can't mass-assign protected attributes: product, user
您可能不熟悉“质量分配”一词。它在创建时分配了一个或多个对象属性。即in VotesController#create。
在不受保护的情况下,群发分配会让黑客向您的网站表单中的任何和所有对象属性分配值,无论您是否打算提供访问权限。
那些attar_accessible进来的地方。它迫使您明确了用户应该有权访问的模型的哪些属性。任何未作为符号传递到宏中的任何符号都将protected attributes与Can't mass-assign protected attributes: product, user中一样。
脚手架集合attr_accessible :product_id, :user_id在创建模型时,但它不知道你将使用对象而不是id值来分配它们。
你可以解决这两种方式之一。
更改您的表单,以便类似哈希的params变量像这样分配
params[vote][product_id]
或更改您的模型
attr_accessible :product, :user