Rails 4删除嵌套属性,适用于创建但不适用于编辑/更新

时间:2014-07-05 09:10:13

标签: ruby-on-rails ruby-on-rails-3 ruby-on-rails-4 nested-attributes

所以我正在使用Railscast

我知道Rails 4中的Strong参数有一些变化。

First relevant question

Second relevant question

我已经四倍检查了我的实现,但无法看到我出错的地方。就目前而言,在最初提交患者时(即创建方法)勾选“销毁”框,按预期工作,并将删除任何具有复选框的药物,并允许任何不具有(从三种形式输入)它提供)。

然而,当我随后编辑该患者时,任何检查被删除的药物都是重复的(所以我最终得到的药物比我开始时更多),而且任何药物都是检查删除似乎没有改变。

因此,如果有两种药物附加“Med1”和“Med2”,并且我编辑患者,如果两者都被标记为删除,我仍然会以“Med1”和“Med2”结束。如果仅将“Med1”标记为删除,我将以“Med1”和“Med2”以及额外的“Med2”结束。如果两者都没有标记为删除,我将最终得到两个“Med1”和“Med2”。

#patient.rb
class Patient < ActiveRecord::Base
has_many :procedures
has_many :medications, dependent: :destroy
has_many :previous_operations, dependent: :destroy

accepts_nested_attributes_for :medications, :allow_destroy => true, :reject_if => lambda { |a| a[:name].blank? },
end

#views/patients/_form.html.erb
<%= form_for(@patient) do |f| %>
  <% if @patient.errors.any? %>
    <div id="error_explanation">
      <h2><%= pluralize(@patient.errors.count, "error") %> prohibited this patient from being saved:</h2>

      <ul>
      <% @patient.errors.full_messages.each do |msg| %>
        <li><%= msg %></li>
      <% end %>
      </ul>
    </div>
  <% end %>

  <%= f.fields_for :medications do |builder| %>
    <%= render "medication_fields", :f => builder %>
  <% end %>

  <div class="field">
    <%= f.label :first_name %><br>
    <%= f.text_field :first_name %>
  </div>
  <div class="field">
    <%= f.label :last_name %><br>
    <%= f.text_field :last_name %>
  </div>
  <div class="actions">
    <%= f.submit %>
  </div>
<% end %>

#views/patients/medications_fields.html
<div class="field">
  <%= f.label :name %><br>
  <%= f.text_field :name %>
</div>
<div class="field">
  <%= f.label :_destroy, "Remove Medication" %>
  <%= f.check_box :_destroy %>
</div>

#controllers/patients_controller.rb
class PatientsController < ApplicationController
  before_action :set_patient, only: [:show, :edit, :update, :destroy]

  # GET /patients
  # GET /patients.json
  def index
    @patients = Patient.all
  end

  # GET /patients/1
  # GET /patients/1.json
  def show
  end

  # GET /patients/new
  def new
    @patient = Patient.new
    3.times { @patient.medications.build }
  end

  # GET /patients/1/edit
  def edit
  end

  # POST /patients
  # POST /patients.json
  def create
    @patient = Patient.new(patient_params)

    respond_to do |format|
      if @patient.save
        format.html { redirect_to @patient, notice: 'Patient was successfully created.' }
        format.json { render action: 'show', status: :created, location: @patient }
      else
        format.html { render action: 'new' }
        format.json { render json: @patient.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /patients/1
  # PATCH/PUT /patients/1.json
  def update
    respond_to do |format|
      if @patient.update(patient_params)
        format.html { redirect_to @patient, notice: 'Patient was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @patient.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /patients/1
  # DELETE /patients/1.json
  def destroy
    @patient.destroy
    respond_to do |format|
      format.html { redirect_to patients_url }
      format.json { head :no_content }
    end
    flash[:notice] = "Patient was successfully deleted."
  end

  private

    # Never trust parameters from the scary internet, only allow the white list through.
    def patient_params
      params.require(:patient).permit(:first_name, :last_name, medications_attributes: [:name, :_destroy])
    end

end

我一直非常小心,检查过一百万次:通过强参数允许_destroy标志,但仍然没有骰子。

任何帮助表示赞赏,必须是我看不到的明显的东西。

修改

改变这个...... 

    # Never trust parameters from the scary internet, only allow the white list through.
    def patient_params
      params.require(:patient).permit(:first_name, :last_name, medications_attributes: [:name, :_destroy])
    end

对此... 

    # Never trust parameters from the scary internet, only allow the white list through.
    def patient_params
      params.require(:patient).permit!
    end

似乎工作正常,所以我仍然确定它与强参数有关,但后者不太安全我确定而不是最佳实践。

1 个答案:

答案 0 :(得分:34)

当你做的时候

# Never trust parameters from the scary internet, only allow the white list through.
def patient_params
  params.require(:patient).permit!
end

它允许您的所有属性,不推荐。它更像是一种黑客而不是解决方案。

如果你看看你的问题

Rails 4 deleting nested attributes, works on create but not on edit/update

如果你看看你允许的参数

# Never trust parameters from the scary internet, only allow the white list through.
def patient_params
  params.require(:patient).permit(:first_name, :last_name, medications_attributes: [:name, :_destroy])
end

这将有助于创建患者,但不会更新或编辑 ,因为当您创建新记录时不需要如果您想要更新或编辑记录,您还需要其ID ,则允许您

修正:

只需 id 属性传递给允许的属性,它就能为您效用

# Never trust parameters from the scary internet, only allow the white list through.
def patient_params
  params.require(:patient).permit(:id, :first_name, :last_name, medications_attributes: [:id,:name, :_destroy])
end
相关问题
最新问题