Rails 4设计嵌套表单无法批量分配受保护的属性

Question

我有一个设计模型，在注册时有一个嵌套形式（supp_form是嵌套对象）。当我提交表单时，我收到以下错误：

WARNING: Can't mass-assign protected attributes for Business: supp_form_attributes, terms_of_service
app/controllers/businesses/registrations_controller.rb:11:in `create'

我使用的是nested_form gem，好像我的表单将字段数据传递给控制台。提交后的参数如下所示：

Parameters: {"utf8"=>"✓", "authenticity_token"=>"XXX", "business"=>{"type"=>"Business", "supp_form_attributes"=>{"title"=>"mr.", "first_name"=>"jane", "last_name"=>"doe", "mobile_phone_number"=>"94034903", "loan_agreement_authorization"=>"1", "work_phone_number"=>"49034903", "business_industry"=>"Natural Resources and Mining", "legal_structure"=>"Sole Proprietorship", "employee_count"=>"5 to 10", "years_in_business"=>"5+ years", "business_address"=>"72 pentland rd", "business_city"=>"Waterdown", "business_postal_code"=>"l0r2h5", "business_province"=>"ON"}

business.rb

class Business < User
  # Associations
  has_one :supp_form
  has_many :loan_applications
  has_many :transactions

  # Nested attributes
  accepts_nested_attributes_for :supp_form, :loan_applications

  # After save action
  after_save :create_account

  # Validations
  validates_acceptance_of :terms_of_service
  validate :terms_of_service, presence: true 
end

supp_form.rb

class SuppForm < ActiveRecord::Base
  # Associations
  belongs_to :business

  # Validations
  validates_acceptance_of :terms
  validates :business_id, :first_name, :last_name, :work_phone_number, :business_address, :business_postal_code, :business_city, presence: true
end

registraionts_controller.rb

class Businesses::RegistrationsController < Devise::RegistrationsController
  before_filter :update_sanitized_params

  def new
    build_resource({})
    resource.build_supp_form
    respond_with self.resource
  end

  def create
    super
    resource.update_attribute(:railsid, '%010d' % rand(10 ** 10))
  end

  private

    def update_sanitized_params
      devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:email, :password, :password_confirmation, :type, :confirmed_at, :business_name, :terms, :railsid, :terms_of_service,
                                                              supp_form_attributes: [:business_id, :title, :loan_agreement_authorization, :first_name, 
                                                                                    :last_name, :work_phone_number, :business_address, :business_postal_code, 
                                                                                    :business_city, :business_name, :years_in_business, :legal_structure, 
                                                                                    :business_industry, :employee_count, :mobile_phone_number, :business_province])}
    end

    def after_sign_up_path_for(resource)
      business_root_path
    end

end

supp_forms_controller.rb

class SuppFormsController < ApplicationController
  before_filter :authenticate_user!

  def new
    @suppform = SuppForm.new(supp_form_params)
  end

  def create
    @suppform = SuppForm.create(supp_form_params)
  end 

  private

    def supp_form_params
      params.require(:supp_form).permit(:business_id, :title, :loan_agreement_authorization, :first_name, 
                                                                                :last_name, :work_phone_number, :business_address, :business_postal_code, 
                                                                                :business_city, :business_name, :years_in_business, :legal_structure, 
                                                                                :business_industry, :employee_count, :mobile_phone_number, :business_province)
    end
end

Answer 1

您正在使用具有强参数的Rails 4。并且您会收到由protected_attributes gem（或默认的rails 3应用程序）触发的错误。

使用strong_parameters，您可以删除protected_attributes gem的安全性。如果你有配置，请删除配置（config.active_record.whitelist_attributes）。