无法批量分配受保护的属性 - 500请求内部错误

时间:2014-01-09 00:53:45

标签: ruby-on-rails mass-assignment

这是平均质量分配受保护属性问题。在我的应用程序加载应用程序时,我在Chrome的网络选项卡中出现内部500错误。现在我在create中执行了以下WidgetController操作:

  def create
    @widget = Widget.new(params[:widget])
    @user = current_user
    if @widget.save
      WidgetPermission.create( widget: @widget, user: @user)
      render json: @widget, status: :created, location: @widget
    else
      render json: @widget.errors, status: :unprocessable_entity
    end
  end

我的模型设置如下:

class WidgetPermission < ActiveRecord::Base
  attr_accessible :action, :description, :name, :subject_class, :subject_id, :user_id, :widget_id
  belongs_to :user
  belongs_to :widget
end


class Widget < ActiveRecord::Base
  attr_accessible :name, :snippets, :snippets_attributes
  has_many :snippets
  has_many :widget_permissions
end


require 'rolify'
class User < ActiveRecord::Base
  extend Rolify
  rolify
  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :invitable, :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :role_ids, :as => :admin
  attr_accessible :name, :email, :password, :password_confirmation, :remember_me

  has_many :widgets, through: :widget_permissions
  has_many :widget_permissions
end

我从响应选项卡中检查失败请求的回溯如下:

ActiveModel::MassAssignmentSecurity::Error at /api/widgets
==========================================================

> Can't mass-assign protected attributes: widget, user

app/controllers/widgets_controller.rb, line 31
----------------------------------------------

``` ruby
   26     # POST /widgets.json
   27     def create
   28       @widget = Widget.new(params[:widget])
   29       @user = current_user
   30       if @widget.save
>  31         WidgetPermission.create( widget: @widget, user: @user)
   32         #can :manage, Widget, id: @widget.id
   33         #user.widget_permissions.create action: :manage, subject_class: 'Widget', subject_id: @widget.id
   34         render json: @widget, status: :created, location: @widget
   35       else
   36         render json: @widget.errors, status: :unprocessable_entity
```

App backtrace
-------------

 - app/controllers/widgets_controller.rb:31:in `create'

Full backtrace
--------------

 - activemodel (3.2.12) lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
 - activemodel (3.2.12) lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
 - activemodel (3.2.12) lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
 - activemodel (3.2.12) lib/active_model/mass_assignment_security.rb:230:in `sanitize_for_mass_assignment'
 - activerecord (3.2.12) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
 - activerecord (3.2.12) lib/active_record/base.rb:497:in `initialize'
 - activerecord (3.2.12) lib/active_record/persistence.rb:44:in `create'

2 个答案:

答案 0 :(得分:2)

attr_accessible已标记为user_id, widget_id,但发送参数为

WidgetPermission.create( widget: @widget, user: @user)

试试这个:

WidgetPermission.create( widget_id: @widget.id, user_id: @user.id)

答案 1 :(得分:0)

请注意您在模型中为attr_accessible添加的内容以及您正在访问的内容

:subject_id,:WidgetPermission中的user_id

class WidgetPermission < ActiveRecord::Base
attr_accessible :action, :description, :name, :subject_class, :subject_id, :user_id, :widget_id
belongs_to :user
belongs_to :widget
end

创建

WidgetPermission.create( widget: @widget, user: @user)