WARNING: Can't mass-assign protected attributes: name (strong parameters)

Time: 2013-10-09 03:30:40

Tags: ruby-on-rails strong-parameters inherited-resources

I am using Rails 3.2.14 with the inherited_resource and strong_parameter gems.

Commented out

    #config.active_record.whitelist_attributes = false

in production.rb, and

    #config.active_record.mass_assignment_sanitizer = :strict

in development.rb.

Added this to an initializer:

    ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)

But I keep getting this mass-assignment error, where name fails to be assigned to the model and causes the generate_slug function to fail:

    Started POST "/inventory" for 192.168.1.74 at 2013-10-09 16:24:31 +1300
    Processing by ProductsController#create as JSON
      Parameters: {"name"=>"Jjkm", "sku"=>"Jimm", "product"=>{"name"=>"Jjkm"}}
      User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
      Company Load (0.2ms)  SELECT "companies".* FROM "companies" WHERE "companies"."id" = $1 LIMIT 1  [["id", "1"]]
    WARNING: Can't mass-assign protected attributes: name
       (0.3ms)  BEGIN
       (0.1ms)  COMMIT
      CompaniesUser Load (0.5ms)  SELECT "companies_users".* FROM "companies_users" WHERE "companies_users"."user_id" = 1 AND "companies_users"."company_id" = 1 LIMIT 1
    .........#<Product id: nil, name: nil, description: nil, avaliable_on: nil, deleted_at: nil, meta_description: nil, meta_keywords: nil, created_at: nil, updated_at: nil, company_id: 1, slug: nil, cid: nil, product_type_id: nil, vendor_id: nil, url_1: nil, url_2: nil, state: "inactive", created_by: nil, model_no: nil>
       (0.2ms)  BEGIN
       (0.2ms)  ROLLBACK
    Completed 500 Internal Server Error in 13ms

    NoMethodError (undefined method `parameterize' for nil:NilClass):
      app/models/product.rb:117:in `generate_slug'
      app/controllers/products_controller.rb:13:in `create'
      app/controllers/application_controller.rb:80:in `scope_current_company'

Model:

    class Product < ActiveRecord::Base
      before_validation :generate_slug

      def generate_slug
        # Raises NoMethodError when name is nil (the failure in the log above).
        self.slug ||= name.parameterize
      end
    end

Controller:

    class ProductsController < ResourceController
      load_and_authorize_resource :except => [:index]

      def create
        logger.info ".........#{@product.inspect}"
        @product.created_by = current_user.username
        create!
      end

      # inherited_resources hook: only permitted keys reach the model.
      def build_resource_params
        [params.require(:product).permit(*permitted_product_attributes)]
      end
    end

    permitted_product_attributes = [
      :url_1, :url_2, :sku, :avaliable_on, :type_name, :deleted_at, :description, :meta_description, :meta_keywords,
      :name, :cost_price, :model_no, :init_count_on_hand, :vendor_name, :is_infinite, :init_warehouse, :created_by
    ]

My gem list:

    Using rake (10.1.0) 
    Using i18n (0.6.5) 
    Using multi_json (1.8.1) 
    Using activesupport (3.2.14) 
    Using builder (3.0.4) 
    Using activemodel (3.2.14) 
    Using erubis (2.7.0) 
    Using journey (1.0.4) 
    Using rack (1.4.5) 
    Using rack-cache (1.2) 
    Using rack-test (0.6.2) 
    Using hike (1.2.3) 
    Using tilt (1.3.7) 
    Using sprockets (2.2.2) 
    Using actionpack (3.2.14) 
    Using mime-types (1.25) 
    Using polyglot (0.3.3) 
    Using treetop (1.4.15) 
    Using mail (2.5.4) 
    Using actionmailer (3.2.14) 
    Using active_utils (2.0.1) 
    Using arbre (1.0.1) 
    Using sass (3.2.12) 
    Using thor (0.18.1) 
    Using bourbon (3.1.8) 
    Using bcrypt-ruby (3.1.2) 
    Using orm_adapter (0.4.0) 
    Using rack-ssl (1.3.3) 
    Using json (1.8.0) 
    Using rdoc (3.12.2) 
    Using railties (3.2.14) 
    Using atomic (1.1.14) 
    Using thread_safe (0.1.3) 
    Using warden (1.2.3) 
    Using devise (3.1.1) 
    Using formtastic (2.2.1) 
    Using has_scope (0.6.0.rc) 
    Using responders (1.0.0) 
    Using inherited_resources (1.4.1) 
    Using jquery-rails (2.1.4) 
    Using kaminari (0.14.1) 
    Using arel (3.0.2) 
    Using tzinfo (0.3.38) 
    Using activerecord (3.2.14) 
    Using polyamorous (0.5.0) 
    Using meta_search (1.1.3) 
    Using activeresource (3.2.14) 
    Using bundler (1.3.5) 
    Using rails (3.2.14) 
    Using activeadmin (0.6.1) 
    Using money (5.1.1) 
    Using mini_portile (0.5.1) 
    Using nokogiri (1.6.0) 
    Using activemerchant (1.38.1) 
    Using activerecord-import (0.4.1) 
    Using ancestry (2.0.0) 
    Using angular-ui-bootstrap-rails (0.6.0.0) 
    Using angularjs-rails (1.0.8) 
    Using best_in_place (2.1.0) 
    Using bootstrap-wysihtml5-rails (0.3.1.23) 
    Using cancan (1.6.10) 
    Using highline (1.6.19) 
    Using net-ssh (2.7.0) 
    Using net-scp (1.1.2) 
    Using net-sftp (2.1.2) 
    Using net-ssh-gateway (1.2.0) 
    Using capistrano (2.15.5) 
    Using capistrano_colors (0.5.5) 
    Using xpath (2.0.0) 
    Using capybara (2.1.0) 
    Using carrierwave (0.9.0) 
    Using carrierwave_backgrounder (0.3.0) 
    Using timers (1.1.0) 
    Using celluloid (0.15.2) 
    Using ffi (1.9.0) 
    Using childprocess (0.3.9) 
    Using chronic (0.10.2) 
    Using ci_reporter (1.9.0) 
    Using ckeditor (4.0.6) 
    Using client_side_validations (3.2.6) 
    Using simple_form (2.1.0) 
    Using client_side_validations-simple_form (2.1.0) 
    Using coffee-script-source (1.6.3) 
    Using execjs (2.0.2) 
    Using coffee-script (2.2.0) 
    Using coffee-rails (3.2.2) 
    Using turbolinks (1.1.1) 
    Using client_side_validations-turbolinks (1.1.1) 
    Using cliver (0.2.2) 
    Using coderay (1.0.9) 
    Using commonjs (0.2.7) 
    Using connection_pool (1.1.0) 
    Using country_select (1.2.0) 
    Using daemons (1.1.9) 
    Using deep_cloneable (1.5.5) 
    Using devise_invitable (1.3.0) 
    Using diff-lcs (1.2.4) 
    Using ejs (1.1.1) 
    Using eventmachine (1.0.3) 
    Using http_parser.rb (0.5.3) 
    Using em-websocket (0.5.0) 
    Using exception_notification (4.0.1) 
    Using excon (0.25.3) 
    Using factory_girl (4.2.0) 
    Using factory_girl_rails (4.2.1) 
    Using multipart-post (1.2.0) 
    Using faraday (0.8.8) 
    Using formatador (0.2.4) 
    Using ruby-hmac (0.4.0) 
    Using fog (1.15.0) 
    Using font-awesome-rails (3.2.1.3) 
    Using rb-fsevent (0.9.3) 
    Using rb-inotify (0.9.2) 
    Using listen (2.0.1) 
    Using lumberjack (1.0.4) 
    Using method_source (0.8.2) 
    Using slop (3.4.6) 
    Using pry (0.9.12.2) 
    Using guard (2.0.3) 
    Using guard-jasmine (1.18.3) 
    Using guard-livereload (2.0.0) 
    Using rspec-core (2.14.5) 
    Using rspec-expectations (2.14.3) 
    Using rspec-mocks (2.14.3) 
    Using rspec (2.14.1) 
    Using guard-rspec (3.1.0) 
    Using haml (4.0.3) 
    Using hashie (2.0.5) 
    Using httpauth (0.2.0) 
    Using jasminerice (0.0.10) 
    Using jquery-datatables-rails (1.11.2) from git://github.com/rweng/jquery-datatables-rails.git (at master) 
    Using jquery-fileupload-rails (0.4.1) 
    Using jquery-ui-rails (4.0.5) 
    Using jwt (0.1.8) 
    Using less (2.4.0) 
    Using less-rails (2.4.2) 
    Using libv8 (3.16.14.3) 
    Using subexec (0.2.3) 
    Using mini_magick (3.6.0) 
    Using newrelic_rpm (3.6.7.159) 
    Using ng-rails-csrf (0.1.0) 
    Using oauth (0.4.7) 
    Using oauth2 (0.8.1) 
    Using oj (2.1.6) 
    Using omniauth (1.1.4) 
    Using omniauth-oauth2 (1.1.1) 
    Using omniauth-facebook (1.4.1) 
    Using omniauth-oauth (1.0.1) 
    Using pg (0.17.0) 
    Using websocket-driver (0.3.0) 
    Using poltergeist (1.4.1) 
    Using pr_geohash (1.0.0) 
    Using quiet_assets (1.0.2) 
    Using rabl (0.8.6) 
    Using rack-protection (1.5.0) 
    Using rails-backbone (0.9.10) 
    Using redis (3.0.5) 
    Using redis-namespace (1.3.1) 
    Using redis_pagination (1.0.0) 
    Using ref (1.0.5) 
    Using rsolr (1.0.9) 
    Using rspec-rails (2.14.0) 
    Using rubyzip (0.9.9) 
    Using rvm (1.11.3.8) 
    Using rvm-capistrano (1.5.1) 
    Using sass-rails (3.2.6) 
    Using websocket (1.0.7) 
    Using selenium-webdriver (2.35.1) 
    Using sidekiq (2.15.1) 
    Using sinatra (1.3.6) 
    Using temple (0.6.7) 
    Using slim (1.3.8) 
    Using state_machine (1.2.0) 
    Using strong_parameters (0.2.1) 
    Using sunspot (2.0.0) 
    Using sunspot_rails (2.0.0) 
    Using sunspot_solr (2.0.0) 
    Using therubyracer (0.12.0) 
    Using thin (1.5.1) 
    Using turbo-sprockets-rails3 (0.3.10) 
    Using twitter-bootstrap-rails (2.2.8) 
    Using uglifier (2.2.1) 
    Using whenever (0.8.4) 
    Using wicked_pdf (0.9.7) 
    Using yajl-ruby (1.1.0) 

1 answer:

Answer 0 (score: 1)

Forgot to remove:

    class ActiveRecord::Base
      attr_accessible
      attr_accessor :accessible

      private
      def mass_assignment_authorizer(role = :default)
        if accessible == :all
          self.class.protected_attributes
        else
          super + (accessible || [])
        end
      end
    end
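
The interaction behind the answer above, as an added example in plain Ruby (a simplified model, not Rails code and not from the original post): strong parameters filter the request in the controller, but a bare `attr_accessible` on the base class leaves every model with an empty legacy whitelist, so the model-side sanitizer still drops `name`. `PermittedHash`, `LegacyModel`, `permit` and `run` are hypothetical names, and the request hash is constructed.

```ruby
# Simplified plain-Ruby model of the two filters; all names are hypothetical.
class PermittedHash < Hash
  def permitted?; @permitted == true; end
  def permit!; @permitted = true; self; end
end

# Layer 1: strong-parameters-style filter applied in the controller.
def permit(raw, allowed)
  out = PermittedHash.new
  raw.each { |k, v| out[k] = v if allowed.include?(k.to_sym) }
  out.permit!
end

# Layer 2: legacy model-side whitelist. nil means attr_accessible was never
# called; [] models the bare `attr_accessible` on the base class.
class LegacyModel
  attr_reader :attributes, :warnings

  def initialize(whitelist)
    @whitelist = whitelist
    @attributes = {}
    @warnings = []
  end

  def assign(params)
    raise ArgumentError, "unpermitted parameters" unless params.permitted?
    kept, dropped = params.partition { |k, _| @whitelist.nil? || @whitelist.include?(k.to_sym) }
    @attributes.merge!(kept.to_h)
    unless dropped.empty?
      @warnings << "WARNING: Can't mass-assign protected attributes: #{dropped.map(&:first).join(', ')}"
    end
    self
  end

  # nil here is the point where the page's generate_slug raised NoMethodError.
  def slug
    name = @attributes["name"]
    name && name.downcase.gsub(/[^a-z0-9]+/, "-")
  end
end

# Constructed request, shaped like the "product" hash in the log, plus one
# key the controller does not permit.
REQUEST = { "name" => "Jjkm", "admin" => "1" }.freeze
PERMITTED = [:name, :sku].freeze

def run(whitelist)
  LegacyModel.new(whitelist).assign(permit(REQUEST, PERMITTED))
end
```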