Question

嘿，伙计们不确定这里发生了什么。我的应用程序上有电影和评论家。我已经建立了这些与评论之间的关联。我试图设置控制器和表单来创建和销毁评论。在rails控制台中，我可以创建属于两者的评论并且我已经测试了我的控制器（虽然可能不正确）并且它似乎正在工作，所以我认为问题在于我的形式。先谢谢你们。这是代码和服务器日志：

class ReviewsController < ApplicationController

def create
    @movie = Movie.find(params[:movie_id])
    current_critic.reviews.create(content: params[:content], movie_id: @movie.id)
    redirect_to @movie
end

def destroy
    @movie = Movie.find(params[:movie_id])
    @review = current_critic.reviews.find_by(movie_id: @movie.id)
    @review.delete
    redirect_to @movie
end

end

形式：

<div class="form">
<h1 class="smaller">Write a Review</h1>
<%= form_for(current_critic.reviews.new) do |r| %>
<%= hidden_field_tag :movie_id, @movie.id %>
<ul>
    <li>
        <%= r.text_area :content, placeholder: "Write your review...", size: "50x10" %>
    </li>

    <li>
        <%= r.submit "Submit Review" %>
    </li>
</ul>
<% end %>
</div>

提交表单后

服务器日志：

Started POST "/reviews" for 99.39.164.184 at 2015-12-04 20:34:59 +0000
Processing by ReviewsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"d16BVZxzqZY5bQrw9xr2VlWbWjh0Dc7bL6t4OgKQPk1RXWt40acMjtkjXG9DUBBfnA7K06iJDwQzd5YJ0D6c4Q==", "movie_id"=>"2", "review"=>{"content"=>"One last try at writing and submitting a review before I head out"}, "commit"=>"Submit Review"}
  Movie Load (2.1ms)  SELECT  "movies".* FROM "movies" WHERE "movies"."id" = ? LIMIT 1  [["id", 2]]
  Critic Load (0.2ms)  SELECT  "critics".* FROM "critics" WHERE "critics"."id" = ? LIMIT 1  [["id", 1]]
   (5.3ms)  begin transaction
   (0.9ms)  commit transaction
Redirected to https://everyones-a-critic-caedbudris.c9users.io/movies/2
Completed 302 Found in 574ms (ActiveRecord: 18.1ms)

编辑：我为create创建了强大的参数，所以控制器现在是

def create
    @movie = Movie.find(params[:movie_id])
    current_critic.reviews.create(review_params)
    redirect_to @movie
end
private

    def review_params
        params.require(:review).permit(:content, :movie_id)
    end

它现在插入评论中，但由于某种原因，它没有得到hidden_field_tag传递的movie_id。这是为什么？

Started POST "/reviews" for 99.39.164.184 at 2015-12-05 21:31:07 +0000
Processing by ReviewsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"OlBIfneoWTvBtIeISTF9ubo9jj06oVyfDd6rswxe7xO+JyGXRvFV4TLD+3xKhBZHRF+eRJAawKUabU7KrLpZow==", "movie_id"=>"2", "review"=>{"content"=>"review review review review review"}, "commit"=>"Submit Review"}
  Movie Load (0.3ms)  SELECT  "movies".* FROM "movies" WHERE "movies"."id" = ? LIMIT 1  [["id", 2]]
  Critic Load (0.3ms)  SELECT  "critics".* FROM "critics" WHERE "critics"."id" = ? LIMIT 1  [["id", 1]]
   (0.1ms)  begin transaction
  SQL (6.4ms)  INSERT INTO "reviews" ("content", "critic_id", "created_at", "updated_at") VALUES (?, ?, ?, ?)  [["content", "review review review review review"], ["critic_id", 1], ["created_at", "2015-12-05 21:31:08.185722"], ["updated_at", "2015-12-05 21:31:08.185722"]]
   (10.3ms)  commit transaction
Redirected to https://everyones-a-critic-caedbudris.c9users.io/movies/2
Completed 302 Found in 157ms (ActiveRecord: 25.6ms)

Answer 1

您应该将参数列入白名单，默认情况下，rails不会接受任何参数以避免批量分配。正确的方法是在控制器底部定义受保护的块。像这样，

protected
def rating_params 
params.require(:rating).permit(:content)
end

你可以像

一样使用它

current_critic.reviews.create(rating_params)

Rails表单提交但不创建

1 个答案: