I'm trying to update user information in Ruby on Rails, but when I submit, the console shows an error saying the user exists, and then redirects to the correct page. What's wrong with my code?
Error message:
Started PATCH "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"sJm38g36DAYDo4eXdpcIPRX0e40Jp6cECmMwEvhCAEhTlDwwmmgOfXZqeczglNmJ4K9pQXiyXAsRsgP/C8lScg==", "name"=>"test123", "department"=>"123", "commit"=>"Update User", "id"=>"6"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 6]]
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", "6"]]
   (0.1ms)  begin transaction
  User Exists (0.2ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'test@test.com' AND "users"."id" != 6) LIMIT 1
   (0.1ms)  rollback transaction
Redirected to http://localhost:3000/users/6
Completed 302 Found in 9ms (ActiveRecord: 0.5ms)

Started GET "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#show as HTML
  Parameters: {"id"=>"6"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 6]]
  Rendered users/show.html.erb within layouts/application (0.1ms)
  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 6]]
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 6]]
Completed 200 OK in 66ms (Views: 64.3ms | ActiveRecord: 0.3ms)
The edit page:
<h1 class="center">Edit name</h1>
<div class="row">
  <div class="col-md-6 col-md-offset-3">
    <%= form_tag "/users/#{@user.id}", :method => 'patch' do %>
      <p>
        <%= label_tag :name %>
        <%= text_field_tag :name, @user.name %>
      </p>
      <p>
        <%= label_tag :department %>
        <%= text_field_tag :department, @user.dept %>
      </p>
      <input type="submit" name="commit" value="Update User">
    <% end %>
  </div>
</div>
The controller looks like this:
class UsersController < ApplicationController
  before_action :authorize, only: [:show, :edit, :update]

  def authorize
    @user = User.find_by(id: params[:id])
    if @user.blank? || session[:user_id] != @user.id
      redirect_to root_url, notice: "Nice try!"
    end
  end

  def new
    @user = User.new
  end

  def show
  end

  def edit
  end

  def update
    @user = User.find_by(id: params[:id])
    @user.name = params[:name]
    @user.dept = params[:department]
    @user.save
    redirect_to user_path(@user.id)
  end

  def create
    @user = User.new(email: params[:email],
                     name: params[:name],
                     password: params[:password],
                     role: params[:role],
                     dept: params[:dept])
    if @user.save
      redirect_to root_url, notice: "Thanks for signing up."
    else
      render "new"
    end
  end
end
The routes for this part look like:
# sign up
get '/signup' => 'users#new'
post '/users' => 'users#create'
get '/users/:id' => 'users#show', as: :user
get '/users/:id/edit' => 'users#edit', as: 'edit_user'
patch '/users/:id' => 'users#update'
Answer 0 (score: 1)
The problem is in the form_tag; it should look like this:
<%= form_tag({:action => :update}, {:method => :patch}) do %>
The form_tag code is also vulnerable to attack. It would be better to change it to this:
<%= form_tag update_user_path(@user) do %>
or
<%= form_tag user_path(@user), :method => :patch do %>
Answer 1 (score: 0)
Are you using Rails 4?
If you'd like, you should update your controller to use strong_parameters.
def update
  @user = User.find(params[:id])
  if @user.update_attributes(user_params)
    redirect_to user_path(@user.id)
  else
    render :edit
  end
end

private

def user_params
  params.require(:user).permit(:name, :dept)
end
Doing this means you'll have to wrap the name and dept parameters inside a user scope, e.g.
user: { name: "Howard Moon", dept: "Zookeeper" }
but that's the standard way of handling params in a controller.
Hope this helps!
EDIT: a link to Strong Parameters, which explains this better. Haha
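An added example, not code from the question or from either answer, that sketches in plain Ruby (no Rails required) what the second answer's `update` action does: a `permit_params` whitelist standing in for `params.require(:user).permit(:name, :dept)`, a `FakeUser` model with an email-uniqueness rule like the `User Exists` check in the log, and an `update_action` that branches on the result instead of redirecting unconditionally the way the question's controller does. The names `permit_params`, `ParameterMissing`, `FakeUser` and `update_action`, and the in-memory rows, are constructed for this demonstration; symbol-keyed hashes stand in for ActionController::Parameters.

```ruby
# Constructed stand-in for ActionController::ParameterMissing.
class ParameterMissing < StandardError; end

# Whitelist filter in the spirit of params.require(scope).permit(*allowed):
# raises if the scope is absent or empty, and drops every key that is not on
# the allow list (so a submitted :role or :email never reaches the model).
def permit_params(params, scope, allowed)
  scoped = params[scope]
  if scoped.nil? || scoped.empty?
    raise ParameterMissing, "param is missing or the value is empty: #{scope}"
  end
  allowed.each_with_object({}) do |key, out|
    out[key] = scoped[key] if scoped.key?(key)
  end
end

# Minimal in-memory model (constructed; not ActiveRecord) with two validations.
class FakeUser
  attr_accessor :id, :email, :name, :dept, :role
  attr_reader :errors

  @@rows = [] # constructed in-memory "users" table

  def self.rows
    @@rows
  end

  def self.find(id)
    @@rows.find { |u| u.id == id }
  end

  def initialize(id:, email:, name:, dept:, role: "member")
    @id, @email, @name, @dept, @role = id, email, name, dept, role
    @errors = []
    @@rows << self
  end

  # Uniqueness rule mirrors the log's "User Exists" query:
  # another row with the same email and a different id fails validation.
  def valid?
    @errors = []
    @errors << "email has already been taken" if @@rows.any? { |u| u.email == email && u.id != id }
    @errors << "name can't be blank" if name.to_s.strip.empty?
    @errors.empty?
  end

  # Like ActiveRecord#update: assign, validate, return true/false. On failure
  # the assignment is rolled back, as the "rollback transaction" line shows.
  def update(attrs)
    before = { name: name, dept: dept, role: role, email: email }
    attrs.each { |k, v| public_send("#{k}=", v) }
    return true if valid?
    before.each { |k, v| public_send("#{k}=", v) }
    false
  end
end

# The update action as the second answer writes it. The question's version
# calls save and redirects regardless of the result, which is exactly the
# rollback-then-302 sequence visible in the log; here a failed update re-renders
# the edit form with the errors instead.
def update_action(params)
  user = FakeUser.find(params[:id])
  if user.update(permit_params(params, :user, [:name, :dept]))
    { status: 302, location: "/users/#{user.id}" }
  else
    { status: 200, render: :edit, errors: user.errors }
  end
end

if __FILE__ == $0
  FakeUser.new(id: 5, email: "other@test.com", name: "other", dept: "ops")
  FakeUser.new(id: 6, email: "test@test.com", name: "test", dept: "123")
  # Succeeds; the extra :role key is discarded by the whitelist.
  p update_action({ id: 6, user: { name: "test123", dept: "123", role: "admin" } })
  # Fails validation; renders edit with errors instead of redirecting.
  p update_action({ id: 6, user: { name: "", dept: "123" } })
end
```

Running the file shows the two outcomes side by side: a valid submission returns the 302 to `/users/6`, with any key outside the permit list silently dropped, while an invalid one returns the edit render plus the error list. Compare that with the question's controller, where the second case would still produce a 302 and the only trace of the failure is the rollback in the log.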