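ForbiddenAttributesError when building from a has_many relationship

Time: 2013-07-26 20:43:22

Tags: ruby-on-rails ruby-on-rails-4

New update

Moved the params permit responsibility from the model to the controller, and used comment_attributes instead of comments, as @vinodadhikary pointed out to me.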

Using the better_errors REPL, I traced the problem down to the sanitize_for_mass_assignment method. When running attributes.permitted? it returns false. However, attributes.permit(:article_id, :name, :email, :body) correctly returns my input parameters!:

>> attributes
=> {"name"=>"Commenter", "email"=>"commenter@mail.com", "body"=>"Here is the comment body!! :D"}
>> attributes.permit(:article_id, :name, :email, :body)
=> {"name"=>"Commenter", "email"=>"commenter@mail.com", "body"=>"Here is the comment body!! :D"}
>> attributes.permitted?
=> false

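Context and code

Trying to get to grips with Rails 4, I ran into a problem with (I think) the use of strong parameters.

I have an Article class which can have many comments. When creating a new comment with: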

@comment = @article.comments.build(params[:comment])

I get the following error (pointing at this line):

  

ActiveModel::ForbiddenAttributesError in /articles/1/comments

The models are as follows:

class Article < ActiveRecord::Base
  validates_presence_of :title, :content
  validates_uniqueness_of :title

  has_many  :comments, :dependent => :destroy
  accepts_nested_attributes_for :comments
end

Comment:

class Comment < ActiveRecord::Base
  belongs_to :article

 validates_presence_of :article_id, :author, :body, :content
end

The articles controller has this in its private section:

def article_params
  params.require(:article).permit(:title, :content, comments_attributes: [:article_id, :name, :email, :body])
end

The comments controller code is:

def create
  @article = Article.find(params[:article_id])
  @comment = @article.comments.build(params[:comment]) # <--- It fails here

  respond_to do |format|
    if @comment.save
      format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
      format.json { render action: 'show', status: :created, location: @comment }
    else
      format.html { render action: 'new' }
      format.json { render json: @comment.errors, status: :unprocessable_entity }
    end
  end
end

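2 answers:

Answer 0 (score: 3)

The methods article_params and comment_params in the models belong in their respective controllers, not in the models. The idea is to filter the parameters passed to the model in the controller rather than in the model. Please read http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html to learn how to permit attributes for nested attributes.

Your models should be as follows: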

# Articles.rb
class Article < ActiveRecord::Base
  validates_presence_of :title, :content
  validates_uniqueness_of :title

  has_many  :comments, :dependent => :destroy
  accepts_nested_attributes_for :comments
end

# Comment.rb
class Comment < ActiveRecord::Base
  belongs_to :article

  validates_presence_of :article_id, :author, :body, :content
end

Then move the strong parameters to the Articles Controller, as follows:

#ArticlesController.rb
def create
  @article = Article.find(params[:article_id])
  @comment = @article.comments.build(params[:comment])

  respond_to do |format|
    if @comment.save
      format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
      format.json { render action: 'show', status: :created, location: @comment }
    else
      format.html { render action: 'new' }
      format.json { render json: @comment.errors, status: :unprocessable_entity }
    end
  end
end

private 
    def article_params
        params.require(:article).permit(:title, :content, comments_attributes: [:article_id, :author, :email, :body, :content])
    end
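
The behaviour seen in the REPL session in the question, as an added example that is not part of the original posts: `permit` returns a new, filtered object flagged as permitted and leaves the receiver unpermitted, so the filtered result, not the raw `params[:comment]`, has to be passed to `build`. `Params`, `build_comment`, `RAW` and `raw_build_outcome` are hypothetical stand-ins in plain Ruby so the block runs without Rails; they model only the permitted flag and flat keys.

```ruby
# Plain-Ruby stand-in for ActionController::Parameters (assumption: models
# only the permitted flag and flat keys; this is not the Rails source).
class ForbiddenAttributesError < StandardError; end

class Params
  def initialize(hash, permitted = false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  def to_h
    @hash.dup
  end

  # permit returns a NEW filtered, permitted object; the receiver stays unpermitted.
  def permit(*keys)
    Params.new(@hash.slice(*keys.map(&:to_s)), true)
  end
end

# Mirrors the check in the sanitize_for_mass_assignment method named in the question.
def sanitize_for_mass_assignment(attributes)
  raise ForbiddenAttributesError if attributes.respond_to?(:permitted?) && !attributes.permitted?
  attributes.to_h
end

# Hypothetical stand-in for @article.comments.build(...).
def build_comment(attributes)
  sanitize_for_mass_assignment(attributes)
end

# Constructed request input, with one field the comment form never offered.
RAW = Params.new({ "name" => "Commenter", "email" => "commenter@mail.com",
                   "body" => "Here is the comment body!! :D", "admin" => "1" })

# In a controller this would be params.require(:comment).permit(...).
def comment_params
  RAW.permit(:article_id, :name, :email, :body)
end

def raw_build_outcome
  build_comment(RAW)
rescue ForbiddenAttributesError
  :forbidden
end
```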

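Answer 1 (score: 0)

The permit params method name should be the same as the model/controller. For example, if the model name is "recent_post", then the permit method name should be

def last_post_params .............. end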