未经许可的参数载波

时间:2016-05-18 01:18:13

标签: ruby-on-rails carrierwave

我尝试使用carrierwave gem在嵌套表单中上传文档。当我提交表单时,我可以看到有一个未经许可的参数。

    Started POST "/debts" for ::1 at 2016-05-18 11:10:27 +1000
Started POST "/debts" for ::1 at 2016-05-18 11:10:27 +1000
Processing by DebtsController#create as HTML
Processing by DebtsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"fEmDQnog42ug97IllLL5A6g7oNueLaXIYwKpOEEqBwwjRdVkncNoPbeZuHsuD/HWz1PWGnD7m6lUyZmRJCKS9A==", "debt"=>{"amount"=>"", "details"=>"", "debtor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "creditor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "document"=>{"document"=>#<ActionDispatch::Http::UploadedFile:0x007f8fbbee2698 @tempfile=#<Tempfile:/var/folders/sn/t0vd19_x6mg1fkn8b4x1v8lm0000gn/T/RackMultipart20160518-27972-zmqd57.jpg>, @original_filename="pexels-photo (2).jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"debt[document][document]\"; filename=\"pexels-photo (2).jpg\"\r\nContent-Type: image/jpeg\r\n">}}, "commit"=>"Create Debt"}
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"fEmDQnog42ug97IllLL5A6g7oNueLaXIYwKpOEEqBwwjRdVkncNoPbeZuHsuD/HWz1PWGnD7m6lUyZmRJCKS9A==", "debt"=>{"amount"=>"", "details"=>"", "debtor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "creditor_attributes"=>{"business_name"=>"", "abn"=>"", "first_name"=>"", "mobile_number"=>"", "last_name"=>"", "phone_number"=>"", "email"=>""}, "document"=>{"document"=>#<ActionDispatch::Http::UploadedFile:0x007f8fbbee2698 @tempfile=#<Tempfile:/var/folders/sn/t0vd19_x6mg1fkn8b4x1v8lm0000gn/T/RackMultipart20160518-27972-zmqd57.jpg>, @original_filename="pexels-photo (2).jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"debt[document][document]\"; filename=\"pexels-photo (2).jpg\"\r\nContent-Type: image/jpeg\r\n">}}, "commit"=>"Create Debt"}
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["id", 1]]
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["id", 1]]
Unpermitted parameter: document
Unpermitted parameter: document
  Role Load (0.1ms)  SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'admin?') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))  [["user_id", 1]]
  Role Load (0.1ms)  SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'admin?') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))  [["user_id", 1]]
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
Unpermitted parameter: document
   (0.1ms)  BEGIN
   (0.1ms)  BEGIN
  SQL (0.3ms)  INSERT INTO "creditors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id"  [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.139053"], ["updated_at", "2016-05-18 01:10:27.139053"]]
  SQL (0.3ms)  INSERT INTO "creditors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id"  [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.139053"], ["updated_at", "2016-05-18 01:10:27.139053"]]
  SQL (0.2ms)  INSERT INTO "debtors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id"  [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.140363"], ["updated_at", "2016-05-18 01:10:27.140363"]]
  SQL (0.2ms)  INSERT INTO "debtors" ("business_name", "first_name", "last_name", "email", "mobile_number", "phone_number", "user_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING "id"  [["business_name", ""], ["first_name", ""], ["last_name", ""], ["email", ""], ["mobile_number", ""], ["phone_number", ""], ["user_id", 1], ["created_at", "2016-05-18 01:10:27.140363"], ["updated_at", "2016-05-18 01:10:27.140363"]]
  SQL (0.3ms)  INSERT INTO "debts" ("details", "user_id", "status", "creditor_id", "debtor_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id"  [["details", ""], ["user_id", 1], ["status", "Pre Collection"], ["creditor_id", 28], ["debtor_id", 28], ["created_at", "2016-05-18 01:10:27.141270"], ["updated_at", "2016-05-18 01:10:27.141270"]]
  SQL (0.3ms)  INSERT INTO "debts" ("details", "user_id", "status", "creditor_id", "debtor_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id"  [["details", ""], ["user_id", 1], ["status", "Pre Collection"], ["creditor_id", 28], ["debtor_id", 28], ["created_at", "2016-05-18 01:10:27.141270"], ["updated_at", "2016-05-18 01:10:27.141270"]]
   (2.0ms)  COMMIT
   (2.0ms)  COMMIT
Redirected to http://localhost:3000/debts/28
Redirected to http://localhost:3000/debts/28
Completed 302 Found in 20ms (ActiveRecord: 3.1ms)
Completed 302 Found in 20ms (ActiveRecord: 3.1ms)

我已经允许控制器中的参数

    def debt_params
  params.require(:debt).permit(:user_id, :amount, :commission, :invoice_issued, :invoice_date, :status, :details,
  document_attributes: [:id, :debt_id, :document],
  debtor_attributes: [:id, :user_id, :business_name, :abn, :first_name, :last_name, :email, :mobile_number, :phone_number],
  creditor_attributes: [:id, :user_id, :business_name, :abn, :first_name, :last_name, :email, :mobile_number, :phone_number])
end

模型接受

的嵌套属性
class Debt < ActiveRecord::Base
 belongs_to :user
 belongs_to :creditor
 belongs_to :debtor
 has_many :documents

 accepts_nested_attributes_for :debtor
 accepts_nested_attributes_for :creditor
 accepts_nested_attributes_for :documents
end

不确定我在这里失踪了什么?

1 个答案:

答案 0 :(得分:1)

答案是在controller = documents_attributes

中将document_attributes更改为复数形式