ActiveModel :: ForbiddenAttributesError - Rails4

时间:2014-05-12 14:58:01

标签: ruby-on-rails-4 devise

环境:

Windows 8.1
Rails4
Ruby 2

我正在使用Devise,我有两个独立的控制器:users_controller.rb和registrations_controller.rb。

以下是我的registrations_controller.rb:

class RegistrationsController < Devise::RegistrationsController

  before_filter :update_sanitized_params, if: :devise_controller?

  def update_sanitized_params
    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:first, :last,
                                                           :email, :password,
                                                           :password_conf, :password_changed_at)}
    devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:first, :last, :salutation,
                                                           :email, :password,
                                                           :password_conf, :password_changed_at, :current_passwor)}
  end

  # GET /registrations/new
  def new
    super
  end

  # POST /registrations
  # POST /registrations.json
  def create
    @user = User.new(registration_params)
    @user.email = @user.email.downcase
    #@user.slug = "#{@user.first.downcase}_#{@user.last.downcase}_#{@user.email}"
    respond_to do |format|
      if @user.save
        format.html { redirect_to @user, notice: t('registration_successfully_created') }
        format.json { render :show, status: :created, location: @user }
      else
        format.html { render :new }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /registrations/1
  # DELETE /registrations/1.json
  def destroy
    @user.destroy
    respond_to do |format|
      format.html { redirect_to registrations_url }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_registration
      @user = User.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def registration_params
      params[:user]
    end
end

以下是我的用户模型:user.rb 

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :password_expirable, :confirmable, :lockable, :timeoutable

  validates :first, presence: true
  validates :last, presence: true
  validates :email, :email => true, presence: true, uniqueness: {case_sensitive: false}
  before_save { |user| user.email = email.downcase }
end

当我尝试创建新用户时,收到错误消息:

ActiveModel::ForbiddenAttributesError

注册控制器中突出显示以下行:

 @user = User.new(registration_params)

附加调试信息:

{"utf8"=>"✓", "authenticity_token"=>"CRwY4emBZJXhH7kMNGQZR5H1D3D0IJrHCnBzs5PTE8U=", "user"=>{"email"=>"xxxx@jkjjjkj.com", "password"=>"xxxxxxx", "password_confirmation"=>"xxxxxxx", "first"=>"John", "last"=>"Doe"}, "commit"=>"Create User", "action"=>"create", "controller"=>"registrations"}

Any ideas?

1 个答案:

答案 0 :(得分:1)

您已经为强参数定义了一个方法,但是您不能只返回params哈希 - 而是必须将您希望传递给模型的属性专门列入白名单。

def registration_params
  params.require(:user).permit(:email, :password, :password_confirmation, ...)   # etc for the rest of your attributes
end
相关问题
最新问题