使用carrierwave上传时Rails未经许可的参数文件

时间:2016-02-08 08:54:40

标签: ruby-on-rails carrierwave

我正在尝试使用carrierwave上传,但我遇到了错误..当我选择文件并点击上传时仍然显示它不能为空并且在控制台上显示未经许可的参数文件
[upload_controller.rb]

class UploadsController < ApplicationController
  before_action :authenticate_user! 

  def index
    @uploads=Upload.all
  end

  def new
    @upload=Upload.new
  end


  def create

    @upload=Upload.new(params_abc)

     if  @upload.save
        Upload.upload(params[:upload][:files])  
        redirect_to  @upload
     else
       render 'new'
     end

  end

private

  def params_abc
        params.require(:upload).permit(:title,:description)
  end

end


[upload.rb]

class Upload < ActiveRecord::Base

    validates :description,  presence: true
    validates :title,  presence: true
    validates :tageline, presence: true

    mount_uploader :upload, UploadUploader 

    def self.upload(files)  
        files.each do |file|    
        #@file_extension=file.content_type.split('/')[1]            

            doc = Upload.new(tageline: file )
            #save is a method which will save the content in the database 
            doc.save!
        end
    end

end


[上传/ new.html.erb]

<%= form_for @upload,html: { multipart: true } do |f| %>
    <% if @upload.errors.any? %>
        <div id="errors">
            <h2><%= pluralize(@upload.errors.count, "error") %> prevented this post from saving:</h2>
            <ul>
                <% @upload.errors.full_messages.each do |msg| %>
                    <li><%= msg %></li>
                <% end %>
            </ul>
        </div>
    <% end %>

    <%= f.label :title %><br>
    <%= f.text_field :title %><br>
    <br>

    <%= f.label :description %><br>
    <%= f.text_field :description %><br>

     <br>



    <%= f.label :files %><br>
    <%= f.file_field :files%><br>
    <br>

    <%= f.submit %>
<% end %>


[upload_migration]

class CreateUploads < ActiveRecord::Migration
  def change
    create_table :uploads do |t|
        t.string :title, null: false
        t.string :description, null: false
        t.string :tageline, null: false
        t.timestamps
    end
  end
end


[安慰]

Started POST "/uploads" for 127.0.0.1 at 2016-02-08 14:18:54 +0530
Processing by UploadsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"1YaRS4BPwg6W5RaKNs/BOCf24TezALQWuxEEhjz04nY=", "upload"=>{"title"=>"mjkhhjkkj", "description"=>"jhhjnh", "files"=>#<ActionDispatch::Http::UploadedFile:0x000000053ec6c8 @tempfile=#<Tempfile:/tmp/RackMultipart20160208-10624-40whhz>, @original_filename="Design Patterns in Ruby (2007).pdf", @content_type="application/pdf", @headers="Content-Disposition: form-data; name=\"upload[files]\"; filename=\"Design Patterns in Ruby (2007).pdf\"\r\nContent-Type: application/pdf\r\n">}, "commit"=>"Create Upload"}
  User Load (0.3ms)  SELECT  `users`.* FROM `users`  WHERE `users`.`id` = 4  ORDER BY `users`.`id` ASC LIMIT 1
Unpermitted parameters: files
   (0.1ms)  BEGIN
   (0.1ms)  ROLLBACK
  Rendered uploads/new.html.erb within layouts/application (2.7ms)
Completed 200 OK in 86ms (Views: 82.3ms | ActiveRecord: 0.5ms)


[tageline_uploader]

# encoding: utf-8

class TagelineUploader < CarrierWave::Uploader::Base

  # Include RMagick or MiniMagick support:
  # include CarrierWave::RMagick
  # include CarrierWave::MiniMagick

  # Choose what kind of storage to use for this uploader:
  storage :file
  # storage :fog

  # Override the directory where uploaded files will be stored.
  # This is a sensible default for uploaders that are meant to be mounted:
  def store_dir
    "uploadss/post/#{model.id}"  
  end

  # Provide a default URL as a default if there hasn't been a file uploaded:
  # def default_url
  #   # For Rails 3.1+ asset pipeline compatibility:
  #   # ActionController::Base.helpers.asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
  #
  #   "/images/fallback/" + [version_name, "default.png"].compact.join('_')
  # end

  # Process files as they are uploaded:
  # process :scale => [200, 300]
  #
  # def scale(width, height)
  #   # do something
  # end

  # Create different versions of your uploaded files:
  # version :thumb do
  #   process :resize_to_fit => [50, 50]
  # end

  # Add a white list of extensions which are allowed to be uploaded.
  # For images you might use something like this:
  # def extension_white_list
  #   %w(jpg jpeg gif png)
  # end

  # Override the filename of the uploaded files:
  # Avoid using model.id or version_name here, see uploader/store.rb for details.
  # def filename
  #   "something.jpg" if original_filename
  # end

end

1 个答案:

答案 0 :(得分:1)

您应该在:tageline方法中添加参数params_abc

def params_abc
  params.require(:upload).permit(:tageline, :title, :description)
end

此外,您需要将:tageline添加为上传字段,因为您的数据库中没有:upload字段。

mount_uploader :tageline, UploadUploader

无需在模型upload中使用Upload方法,并为每个文件创建新的Upload对象,只需删除它即可。

此外,您应该从控制器中删除此行:

Upload.upload(params[:upload][:files])

并改变

<%= f.label :tageline %><br>
<%= f.file_field :tageline %><br>
在您的视图中