我的应用程序名称是LibraryWebApplication,当我使用 / books / new 访问我的new.erb文件时,它给出了表单然后我填写了表单的标题,价格,描述然后我点击了按钮创建了它将跟随url / books / create ,但它没有将数据存储到数据库中,显示以下错误 BooksController #create中的ctiveModel :: ForbiddenAttributesError ::加载ActiveModel ForbiddenAttributesError 我是新来的rails无法找到解决方案 提取的来源(第13行):
def create
@book = Book.new(params[:book])-----this is line no:13
if @book.save
redirect_to :action => 'list'
else
Rails.root:D:/ RailsAppsExamples / LibrarayWebApplication
stacktrace是
Started POST "/books/create" for 127.0.0.1 at 2014-03-18 14:58:25 +0530
Processing by BooksController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"TfBODzvGFAE6RkCmfPAAx/EhkSJkCeYUemr129dKYjc=", "book"=>{"title"=>"Advanced Physics", "price"=>"523", "subject_id"=>"2", "description"=>"mathsbk"}, "commit"=>"Create"}
Completed 500 Internal Server Error in 0ms
ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):
app/controllers/books_controller.rb:13:in `create'
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/_source.erb (0.0ms)
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (15.6ms)
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (15.6ms)
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (62.5ms)
[2014-03-18 15:03:14] WARN Could not determine content-length of response body. Set content-length of the response or set Response#chunked = true
Started POST "/books/create" for 127.0.0.1 at 2014-03-18 15:04:48 +0530
Processing by BooksController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"TfBODzvGFAE6RkCmfPAAx/EhkSJkCeYUemr129dKYjc=", "book"=>{"title"=>"Advanced Physics", "price"=>"523", "subject_id"=>"2", "description"=>"mathsbk"}, "commit"=>"Create"}
Completed 500 Internal Server Error in 0ms
ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):
app/controllers/books_controller.rb:13:in `create'
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/_source.erb (0.0ms)
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (31.2ms)
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (0.0ms)
Rendered c:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (78.1ms)
我有两个型号
book.rb
class Book < ActiveRecord::Base
belongs_to :subject
validates_presence_of :title
validates_numericality_of :price, :message=>"Error Message"
end
subject.rb中
class Subject < ActiveRecord::Base
has_many :books
end
my controller is
books_controller.rb
class BookController < ApplicationController
def list
@books = Book.find(:all)
end
def show
@book = Book.find(params[:id])
end
def new
@book = Book.new
@subjects = Subject.find(:all)
end
def create
@book = Book.new(params[:book])
if @book.save
redirect_to :action => 'list'
else
@subjects = Subject.find(:all)
render :action => 'new'
end
end
我的routes.rb是
LibrarayWebApplication::Application.routes.draw do
get 'books/new'
post 'books/create'
get 'books/list'
get 'books/show'
get 'books/edit'
get 'books/show_subjects'
end
new.erb文件是
<h1>Add new book</h1>
<%= form_tag :action => 'create' %>
<p><label for="book_title">Title</label>:
<%= text_field 'book', 'title' %></p>
<p><label for="book_price">Price</label>:
<%= text_field 'book', 'price' %></p>
<p><label for="book_subject">Subject</label>:
<%= collection_select(:book,:subject_id,@subjects,:id,:name) %></p>
<p><label for="book_description">Description</label><br/>
<%= text_area 'book', 'description' %></p>
<%= submit_tag "Create" %>
<%= link_to 'Back', {:action => 'list'} %>
迁移文件
20140318084539_books.rb
class Books < ActiveRecord::Migration
def self.up
create_table :books do |t|
t.column :title, :string, :limit => 32, :null => false
t.column :price, :float
t.column :subject_id, :integer
t.column :description, :text
t.column :created_at, :timestamp
end
end
def self.down
drop_table :books
end
end
20140318084609_subjects.rb
class Subjects < ActiveRecord::Migration
def self.up
create_table :subjects do |t|
t.column :name, :string
end
Subject.create :name => "Physics"
Subject.create :name => "Mathematics"
Subject.create :name => "Chemistry"
Subject.create :name => "Psychology"
Subject.create :name => "Geography"
end
def self.down
drop_table :subjects
end
end
上面的代码是在数据库中创建的表,并且必须在database.yml中编写测试和生产。我们只编写开发... ...
我正在使用带有eclipse插件的Rails4.0.3
答案 0 :(得分:4)
我真的建议你阅读railsguides,因为你的代码有一些严重的问题。当我坚持你的问题时,答案是你必须使用强参数。那意味着什么?那么,强参数决定哪些属性可以列入白名单。
在Rails之前4属性通过attr_accessible在模型中列入白名单。 Rails 4使用强参数,属于控制器。
我将举一个基本的例子:
def create
@book = Book.new(book_params)
<rest of code>
end
private
def book_params
params.require(:book).permit(:title, :content)
end
现在不再禁止属性标题和内容,因为您明确允许使用强参数。
我想我应该写一篇专门针对强参数的文章,因为它们似乎有些混乱。在这里,您可以看到具有强参数的示例控制器:http://rails4guides.com/articles/clean-code-rails-style-guide