我尝试使用carrierwave gem在嵌套表单中上传文档。当我提交表单时,我可以看到有一个未经许可的参数。
Started POST "/debts" for ::1 at 2016-05-18 11:10:27 +1000
Started POST "/debts" for ::1 at 2016-05-18 11:10:27 +1000
Processing by DebtsController#create as HTML
Processing by DebtsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"fEmDQnog42ug97IllLL5A6g7oNueLaXIYwKpOEEqBwwjRdVkncNoPbeZuHsuD/HWz1PWGnD7m6lUyZmRJCKS9A==", "debt"=>{"amount"=>"", "details"=>"", "debtor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "creditor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "document"=>{"document"=>#<ActionDispatch::Http::UploadedFile:0x007f8fbbee2698 @tempfile=#<Tempfile:/var/folders/sn/t0vd19_x6mg1fkn8b4x1v8lm0000gn/T/RackMultipart20160518-27972-zmqd57.jpg>, @original_filename="pexels-photo (2).jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"debt[document][document]\"; filename=\"pexels-photo (2).jpg\"\r\nContent-Type: image/jpeg\r\n">}}, "commit"=>"Create Debt"}
Parameters: {"utf8"=>"✓", "authenticity_token"=>"fEmDQnog42ug97IllLL5A6g7oNueLaXIYwKpOEEqBwwjRdVkncNoPbeZuHsuD/HWz1PWGnD7m6lUyZmRJCKS9A==", "debt"=>{"amount"=>"", "details"=>"", "debtor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "creditor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "document"=>{"document"=>#<ActionDispatch::Http::UploadedFile:0x007f8fbbee2698 @tempfile=#<Tempfile:/var/folders/sn/t0vd19_x6mg1fkn8b4x1v8lm0000gn/T/RackMultipart20160518-27972-zmqd57.jpg>, @original_filename="pexels-photo (2).jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"debt[document][document]\"; filename=\"pexels-photo (2).jpg\"\r\nContent-Type: image/jpeg\r\n">}}, "commit"=>"Create Debt"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
Unpermitted parameter: document
Unpermitted parameter: document
Role Load (0.1ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'admin?') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 1]]
Role Load (0.1ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'admin?') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 1]]
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
(0.1ms) BEGIN
(0.1ms) BEGIN
SQL (0.3ms) INSERT INTO "creditors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id" [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.139053"], ["updated_at", "2016-05-18 01:10:27.139053"]]
SQL (0.3ms) INSERT INTO "creditors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id" [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.139053"], ["updated_at", "2016-05-18 01:10:27.139053"]]
SQL (0.2ms) INSERT INTO "debtors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id" [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.140363"], ["updated_at", "2016-05-18 01:10:27.140363"]]
SQL (0.2ms) INSERT INTO "debtors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id" [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.140363"], ["updated_at", "2016-05-18 01:10:27.140363"]]
SQL (0.3ms) INSERT INTO "debts" ("details", "user_id", "status", "creditor_id", "debtor_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["details", ""], ["user_id", 1], ["status", "Pre Collection"], ["creditor_id", 28], ["debtor_id", 28], ["created_at", "2016-05-18 01:10:27.141270"], ["updated_at", "2016-05-18 01:10:27.141270"]]
SQL (0.3ms) INSERT INTO "debts" ("details", "user_id", "status", "creditor_id", "debtor_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["details", ""], ["user_id", 1], ["status", "Pre Collection"], ["creditor_id", 28], ["debtor_id", 28], ["created_at", "2016-05-18 01:10:27.141270"], ["updated_at", "2016-05-18 01:10:27.141270"]]
(2.0ms) COMMIT
(2.0ms) COMMIT
Redirected to http://localhost:3000/debts/28
Redirected to http://localhost:3000/debts/28
Completed 302 Found in 20ms (ActiveRecord: 3.1ms)
Completed 302 Found in 20ms (ActiveRecord: 3.1ms)
我已经允许控制器中的参数
def debt_params
params.require(:debt).permit(:user_id, :amount, :commission, :invoice_issued, :invoice_date, :status, :details,
document_attributes: [:id, :debt_id, :document],
debtor_attributes: [:id, :user_id, :business_name, :abn, :first_name, :last_name, :email, :mobile_number, :phone_number],
creditor_attributes: [:id, :user_id, :business_name, :abn, :first_name, :last_name, :email, :mobile_number, :phone_number])
end
模型接受
的嵌套属性class Debt < ActiveRecord::Base
belongs_to :user
belongs_to :creditor
belongs_to :debtor
has_many :documents
accepts_nested_attributes_for :debtor
accepts_nested_attributes_for :creditor
accepts_nested_attributes_for :documents
end
不确定我在这里失踪了什么?
答案 0 :(得分:1)
答案是在controller = documents_attributes
中将document_attributes更改为复数形式