Rails:Model Update上的ForbiddenAttributesError

时间:2013-12-17 15:55:50

标签: ruby-on-rails forms activerecord ruby-on-rails-4

当我向Rails 4控制器发送更新时,我收到了ForbiddenAttributesError。

模型是'公司',它的控制器中有一个私有方法:

 def company_params
  params.require(:company).permit( :adress_id,
                                  :name,
                                  :zusatz,
                                  :kontakt,
                                  :strasse,
                                  :adresszusatz,
                                  :plz,
                                  :ort,
                                  :telefon,
                                  :fax,
                                  :natel,
                                  :email,
                                  :alternative_email,
                                  :url,
                                  :anbieter_id,
                                  :eintrittsdatum,
                                  :betrag,
                                  :bemerkungen,
                                  :betrag_gwrj,
                                  :betrag_sgkv,
                                  :rechnungszusatz,
                                  :zusatzfeld_7,
                                  :zusatzfeld_8,
                                  :zusatzfeld_9,
                                  :zusatzfeld_10,
                                  :datum_mutation,
                                  :verzeichnis_id,
                                  :industry_ids => []#,
                                  #:latitude,
                                  #:longitude 
                                  )
end

BetterErrors向我展示了这些请求参数:

{"utf8"=>"✓", "_method"=>"patch", "authenticity_token"=>"0rDHB7BNuHikL3/Fktdaj6BFFDinpUwPdpy+12HdMw4=", "company"=>{"adress_id"=>"", "name"=>"AGIP Tankstelle Rapperswil", "zusatz"=>"", "kontakt"=>"Eni Suisse S.A.", "strasse"=>"Zürcherstrasse 92", "adresszusatz"=>"", "plz"=>"8640", "ort"=>"Rapperswil", "telefon"=>"", "fax"=>"", "natel"=>"", "email"=>"", "url"=>"", "anbieter_id"=>"", "eintrittsdatum"=>"", "betrag"=>"", "bemerkungen"=>"", "betrag_gwrj"=>"", "betrag_sgkv"=>"", "rechnungszusatz"=>"", "zusatzfeld_7"=>"test", "zusatzfeld_8"=>"", "zusatzfeld_9"=>"", "zusatzfeld_10"=>"", "datum_mutation"=>"", "verzeichnis_id"=>"HR & Stadt", "alternative_email"=>""}, "commit"=>"Speichern", "action"=>"update", "controller"=>"companies", "id"=>"375"}

表格如下:

...
<%= form_for @company, url: {action: "update"}, html: {class: "form-horizontal"} do |f| %>

    <div class="col-md-6">
      <div class="form-group">
        <%= f.label :adress_id %>
        <%= f.text_field :adress_id %>
      </div>
...
      <%= f.submit "Speichern" %>
    </div>

  <% end %>

这是控制器中的更新方法:

def update 
@company = Company.find(params[:id])
if @company.update_attributes(params[:company])
  redirect_to(@company)
else
  render :edit
end
end

如果我在rails控制台中使用“company”哈希并通过Company.create [hash]创建公司,那么它可以正常工作。知道为什么Rails会向我抛出这个错误吗?

1 个答案:

答案 0 :(得分:1)

请确保在控制器中使用update_attributes中的company_params:

  def update
    @company = Company.find(params[:id])

    respond_to do |format|

      # Here use company_params and not params[:company]
      if @company.update_attributes(company_params)
        format.html { redirect_to @company, notice: 'company updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @company.errors, status: :unprocessable_entity }
      end
    end
  end