当我向Rails 4控制器发送更新时,我收到了ForbiddenAttributesError。
模型是'公司',它的控制器中有一个私有方法:
def company_params
params.require(:company).permit( :adress_id,
:name,
:zusatz,
:kontakt,
:strasse,
:adresszusatz,
:plz,
:ort,
:telefon,
:fax,
:natel,
:email,
:alternative_email,
:url,
:anbieter_id,
:eintrittsdatum,
:betrag,
:bemerkungen,
:betrag_gwrj,
:betrag_sgkv,
:rechnungszusatz,
:zusatzfeld_7,
:zusatzfeld_8,
:zusatzfeld_9,
:zusatzfeld_10,
:datum_mutation,
:verzeichnis_id,
:industry_ids => []#,
#:latitude,
#:longitude
)
end
BetterErrors向我展示了这些请求参数:
{"utf8"=>"✓", "_method"=>"patch", "authenticity_token"=>"0rDHB7BNuHikL3/Fktdaj6BFFDinpUwPdpy+12HdMw4=", "company"=>{"adress_id"=>"", "name"=>"AGIP Tankstelle Rapperswil", "zusatz"=>"", "kontakt"=>"Eni Suisse S.A.", "strasse"=>"Zürcherstrasse 92", "adresszusatz"=>"", "plz"=>"8640", "ort"=>"Rapperswil", "telefon"=>"", "fax"=>"", "natel"=>"", "email"=>"", "url"=>"", "anbieter_id"=>"", "eintrittsdatum"=>"", "betrag"=>"", "bemerkungen"=>"", "betrag_gwrj"=>"", "betrag_sgkv"=>"", "rechnungszusatz"=>"", "zusatzfeld_7"=>"test", "zusatzfeld_8"=>"", "zusatzfeld_9"=>"", "zusatzfeld_10"=>"", "datum_mutation"=>"", "verzeichnis_id"=>"HR & Stadt", "alternative_email"=>""}, "commit"=>"Speichern", "action"=>"update", "controller"=>"companies", "id"=>"375"}
表格如下:
...
<%= form_for @company, url: {action: "update"}, html: {class: "form-horizontal"} do |f| %>
<div class="col-md-6">
<div class="form-group">
<%= f.label :adress_id %>
<%= f.text_field :adress_id %>
</div>
...
<%= f.submit "Speichern" %>
</div>
<% end %>
这是控制器中的更新方法:
def update
@company = Company.find(params[:id])
if @company.update_attributes(params[:company])
redirect_to(@company)
else
render :edit
end
end
如果我在rails控制台中使用“company”哈希并通过Company.create [hash]创建公司,那么它可以正常工作。知道为什么Rails会向我抛出这个错误吗?
答案 0 :(得分:1)
请确保在控制器中使用update_attributes
中的company_params:
def update
@company = Company.find(params[:id])
respond_to do |format|
# Here use company_params and not params[:company]
if @company.update_attributes(company_params)
format.html { redirect_to @company, notice: 'company updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @company.errors, status: :unprocessable_entity }
end
end
end