如何将这些Rails4参数列入白名单?

时间:2014-09-21 02:04:05

标签: forms ruby-on-rails-4 parameters sti whitelist

我在我的控制器中使用它:

def step_params  
  params.require(@type.underscore.to_sym).permit(  
  :id, :name, :note, :position, :institution_id, :protocol_id, :sequence_id,:orientation_id,  
  step_item_attributes: [:id, :note, :name, :position, :institution_id, :sequence_id, :orientation_id, :_destroy ],   
  step_list_attributes: [:id, :note, :name, :position, :institution_id, :sequence_id, :orientation_id, :_destroy ])  
end 

在提交了具有嵌套属性的表单后,在服务器日志中看到这一点:

Processing by StepsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"Xm6oMMJ2PLXhHfKS1RkIzG5LrCUAY6vLOF+e9XHgBE4=", "step_list"=>{"name"=>"bob bob", "note"=>"", "step_items_attributes"=>{"1411264481612"=>{"name"=>"", "orientation_id"=>"1", "sequence_id"=>"1", "note"=>"a note", "_destroy"=>"false"}}}, "commit"=>"Create Step list", "type"=>"StepList"}
  User Load (0.4ms)  SELECT  "users".* FROM "users"  WHERE "users"."id" = 1  ORDER BY "users"."id" ASC LIMIT 1
Unpermitted parameters: step_items_attributes
   (0.1ms)  begin transaction
  SQL (0.7ms)  INSERT INTO "steps" ("created_at", "institution_id", "name", "note", "updated_at") VALUES (?, ?, ?, ?, ?)  [["created_at", "2014-09-21 01:54:49.736556"], ["institution_id", 18], ["name", "bob bob"], ["note", ""], ["updated_at", "2014-09-21 01:54:49.736556"]]
   (37.5ms)  commit transaction
Redirected to http://localhost:3000/steps/54
Completed 302 Found in 47ms (ActiveRecord: 38.7ms)

在我看来,“未经许可的参数:step_items_attributes”

......是问题所在。

为什么我的permit方法不允许使用step_items_attributes哈希?我怎么能弄清楚其他符号可能有用呢?

1 个答案:

答案 0 :(得分:1)

您允许的项目设置为step_item_attributes,但您尝试使用's'传递step_items_attributes(项目)。这就是你得到Unpermitted parameters: step_items_attributes

的原因