无法批量分配受保护的属性:电子邮件

时间:2013-06-23 17:58:15

标签: ruby-on-rails omniauth mass-assignment

我知道这是一个流行的错误,但我有类User<的ActiveRecord :: Base的 attr_protected:provider,:uid,:name,:我的用户模型中的电子邮件,但仍然出现此错误。

以下是详细信息:

ActiveModel::MassAssignmentSecurity::Error in UsersController#update

Can't mass-assign protected attributes: email
Rails.root: /Users/ewalker/Documents/alift

Application Trace | Framework Trace | Full Trace
app/controllers/users_controller.rb:19:in `update'
Request

Parameters:

{"utf8"=>"✓",
 "_method"=>"put",
 "authenticity_token"=>"F+5itYNqPddn4usVgIJwzG+PSz50Up7mqZs50x3f9Ho=",
 "user"=>{"email"=>"erin@walkersmidas.com"},
 "commit"=>"Sign in",
 "id"=>"1"}

我的用户控制器:

class UsersController < ApplicationController



def show
  @user = User.find(params[:id]) 
end

def index
  @users = User.all
end

def edit
  @user = User.find(params[:id])
end

def update
  @user = User.find(params[:id])
  if @user.update_attributes(params[:user])
    redirect_to @user
  else
    render :edit
  end
end
end

用户模型:

class User < ActiveRecord::Base
attr_protected :provider, :uid, :name, :email

has_many :posts, dependent: :destroy

  def self.from_omniauth(auth)
    where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.name = auth.info.name
      user.oauth_token = auth.credentials.token
      user.oauth_expires_at = Time.at(auth.credentials.expires_at)
      user.save!
    end
  end
end

和编辑表单:

<%= form_for(@user) do |f| %>
  <%= f.label :email %>
  <%= f.text_field :email %>
  <br />
  <%= f.submit "Sign " %>
<% end %>

由于

1 个答案:

答案 0 :(得分:4)

attr_protected可以防止质量分配,因此可以预料到错误。 attr_accessible :email可能是您想要的,它允许在批量分配中设置属性。