我是Ruby on Rails的全新产品。 我正在使用ActiveAdmin,我在创建AdminUser时遇到问题
Admin :: AdminUsersController #create中的ActiveModel :: ForbiddenAttributesError ::加载ActiveModel ForbiddenAttributesError
请求
参数:
{ “UTF8”=> “中✓”,
“authenticity_token”=> “中NVV ++ 6GNTdA / nDzw1iJ6Ii84pZPcv2mzg0PK2Cg9Ag0 =”,
“admin_user”=> { “电子邮件”=> “中admin2@example.com”},
“commit”=>“创建管理员用户”} *
Rails 4.1.0
activeadmin 1.0.0
ruby 2.1
应用/管理/ admin_user.rb
ActiveAdmin.register AdminUser do
index do
column :email
column :current_sign_in_at
column :last_sign_in_at
column :sign_in_count
default_actions
end
form do |f|
f.inputs "Admin Details" do
f.input :email
end
f.actions
end
end
应用/模型/ admin_user.rb
class AdminUser < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
after_create { |admin| admin.send_reset_password_instructions }
def password_required?
new_record? ? false : super
end
end
的Gemfile
source 'https://rubygems.org'
gem 'rails', '4.1.0'
gem 'sqlite3'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails'
gem 'turbolinks'
gem 'jbuilder', '~> 2.0'
gem 'activeadmin', github: 'gregbell/active_admin'
gem 'polyamorous', github: 'activerecord-hackery/polyamorous'
gem 'ransack', github: 'activerecord-hackery/ransack'
gem 'formtastic', github: 'justinfrench/formtastic'
gem 'devise'
gem 'sdoc', '~> 0.4.0', group: :doc
配置/环境/ development.rb
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# In the development environment your application's code is reloaded on
# every request. This slows down response time but is perfect for development
# since you don't have to restart the web server when you make code changes.
config.cache_classes = false
# Do not eager load code on boot.
config.eager_load = false
# Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
# Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
# Print deprecation notices to the Rails logger.
config.active_support.deprecation = :log
# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = :page_load
# Debug mode disables concatenation and preprocessing of assets.
# This option may cause significant delays in view rendering with a large
# number of complex assets.
config.assets.debug = true
# Adds additional error checking when serving assets at runtime.
# Checks for improperly declared sprockets dependencies.
# Raises helpful error messages.
config.assets.raise_runtime_errors = true
# Raises error for missing translations
# config.action_view.raise_on_missing_translations = true
# Sending emails works
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
end
答案 0 :(得分:46)
Rails 4使用强参数,将属性白名单从模型移动到控制器。必须指定要在数据库中保存的属性。您未允许代码中的属性,这就是您收到ActiveModel::ForbiddenAttributesError。
请参阅 ActiveAdmin : Setting up Strong Parameters
的文档您可以使用permit_params方法以下列方式设置强参数,该方法会创建名为permitted_params的方法,在覆盖create或update操作时使用此方法:< / p>
ActiveAdmin.register AdminUser do
## ...
permit_params :attr1, :attr2 ## Add this line
end
将:attr1,:attr2等替换为您要列入白名单的实际属性名称。例如::email
答案 1 :(得分:1)
您所看到的是新版Rails的安全功能。您必须为属性创建白名单,这些属性可以由用户输入的参数更新。否则,您必须手动设置每个值。
以下是将某些参数列入白名单的示例:
ActiveAdmin.register Post do
permit_params :title, :content, :publisher_id
end
请参阅有关该主题的ActiveAdmin文档: https://github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters