Unpermitted parameter: format

Time: 2016-08-17 02:21:10

Tags: ruby-on-rails json parameters

I don't understand why I'm getting these Unpermitted parameter: format messages. I'm making a JSON request: POST "/questions/add_options.json" with these parameters: Parameters: {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}], "question"=>{}} and this is what I get in the terminal...

Started POST "/questions/add_options.json" for 127.0.0.1 at 2016-08-16 23:12:27 -0300
Processing by QuestionsController#add_options as JSON
  Parameters: {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}], "question"=>{}}
  User Load (0.4ms)  SELECT  "login_aexa".* FROM "login_aexa" WHERE "login_aexa"."usuaex_id" = $1  ORDER BY "login_aexa"."usuaex_id" ASC LIMIT 1  [["usuaex_id", 1]]
Unpermitted parameter: format
  Question Load (0.4ms)  SELECT  "questions".* FROM "questions" WHERE "questions"."id" = $1 LIMIT 1  [["id", 551]]
Unpermitted parameter: format
   (0.2ms)  BEGIN
   (0.4ms)  SELECT COUNT(*) FROM "options" WHERE "options"."question_id" = $1  [["question_id", 551]]

In the Rails controller I use params permit to reject parameters that are not allowed, like this:

def question_add_options_params
  params.permit(:id_question, options: [:position, :label, :value, :go_page], question: {})
end

It seems to me the format should be fine. Does anyone know why I'm getting these Unpermitted parameter: format messages?

Edit

Here is the controller code

class QuestionsController < ApplicationController
  before_action :set_question, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!

  # GET /questions
  # GET /questions.json
  def index
    @questions = Question.all
  end

  # GET /questions/1
  # GET /questions/1.json
  def show
  end

  # GET /questions/new
  def new
    @question = Question.new
  end

  # GET /questions/1/edit
  def edit
  end

  # POST /questions
  # POST /questions.json
  def create
    @question = Question.new(question_params)

    respond_to do |format|
      if @question.save
        format.html { redirect_to @question, notice: 'Question was successfully created.' }
        format.json { render :show, status: :created, location: @question }
      else
        format.html { render :new }
        format.json { render json: @question.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /questions/1
  # PATCH/PUT /questions/1.json
  def update
    respond_to do |format|
      if @question.update(question_params)
        format.html { redirect_to @question, notice: 'Question was successfully updated.' }
        format.json { render :show, status: :ok, location: @question }
      else
        format.html { render :edit }
        format.json { render json: @question.errors, status: :unprocessable_entity }
      end
    end
  end

  def add_options
    @question = Question.find(question_add_options_params[:id_question])

    question_add_options_params[:options].each do|q_aop|
      @question.options.create(q_aop)
    end

    @options = @question.options
  end

  # DELETE /questions/1
  # DELETE /questions/1.json
  def destroy
    @question.destroy
    respond_to do |format|
      format.html { redirect_to questions_url, notice: 'Question was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_question
      @question = Question.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def question_params
      params[:question]
    end

    def question_add_options_params
      params.permit(:id_question, options: [:position, :label, :value, :go_page])
    end
end

3 answers:

Answer 0 (score: 1)

params.permit(:id_question, options: [:position, :label, :value, :go_page], question: {})

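This line tells Rails that the only permitted params are the ones in the list above. If you actually look at a real params hash, it doesn't just contain the params passed in from the form; it also contains things like :controller => :questions, :action => :create, :format => :json, etc., which Rails always inserts based on the URL.

Normally we namespace the form by using e.g. form_for @question, which means the params look like this: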

{:controller => :questions, :action => :create,
 :format => :json,
 :question => {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}]}
}

Then you can do this in the controller:

params.require(:question).permit(:id_question, options: [:position, :label, :value, :go_page])

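And that doesn't say that you're not allowed to have the controller/action/format params that Rails always passes in...

Obviously you'll need to change the names to fit your needs, but this is what you need to do to stop the error.

Answer 1 (score: 0)

I had a similar problem with my JSON, and thought this question could use more examples.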
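A simplified pure-Ruby model of the filtering described in this answer, added here as an example; it is not part of the answer and not Rails' own implementation. The `permit` helper, the constants and the `admin` key are constructed for illustration, and `controller` and `action` are skipped the way Rails' default `always_permitted_parameters` skips them, which is why only `format` is reported.

```ruby
# Simplified model of strong-parameter filtering (illustration only).
# Rails' default always_permitted_parameters is %w[controller action].
ALWAYS_PERMITTED = %w[controller action].freeze

# Returns [kept_hash, unpermitted_keys]. Filters are symbols for scalar keys
# plus an optional trailing hash { key => [filters] } for nested structures.
def permit(params, *filters)
  nested = filters.last.is_a?(Hash) ? filters.pop.transform_keys(&:to_s) : {}
  scalars = filters.map(&:to_s)
  kept = {}
  unpermitted = []
  params.each do |key, value|
    if scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      kept[key] = value
    elsif nested.key?(key)
      items = (value.is_a?(Array) ? value : [value]).select { |i| i.is_a?(Hash) }
      results = items.map { |item| permit(item, *nested[key]) }
      kept[key] = value.is_a?(Array) ? results.map(&:first) : results.dig(0, 0)
      unpermitted.concat(results.flat_map(&:last))
    elsif !ALWAYS_PERMITTED.include?(key)
      unpermitted << key # what Rails would log as "Unpermitted parameter"
    end
  end
  [kept, unpermitted]
end

# Constructed request data: the router adds controller, action and format
# next to the JSON body keys. "admin" is a constructed extra attribute.
ROUTING = { "controller" => "questions", "action" => "add_options",
            "format" => "json" }.freeze
BODY = { "id_question" => 551,
         "options" => [{ "position" => 10, "label" => "opc 10", "admin" => true }] }.freeze
FILTERS = [:id_question, { options: [:position, :label, :value, :go_page] }].freeze

# Like params.permit(...) on a flat body: routing keys are filtered too.
def flat_result
  permit(BODY.merge(ROUTING), *FILTERS)
end

# Like params.require(:question).permit(...): only the nested hash is filtered.
def nested_result
  params = { "question" => BODY }.merge(ROUTING)
  permit(params.fetch("question"), *FILTERS)
end

p flat_result.last
p nested_result.last
```

Both calls keep the same attributes and drop `admin`; only the top-level call also reports `format`.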

TL;DR

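To avoid Unpermitted parameter: format in JSON requests, make sure you nest your request object for POST and PATCH requests (e.g. { question: {name: '', prompt: ''} }) and access it in the controller with params.require(:question).permit(:name, :prompt, ..). For GET and DELETE requests, just use params.require(:id) in the controller.

To build on Taryn's reply above, I needed to create a nested object for POST requests on my front end, and fix the way I was using require and permit on the back end. Here are the examples:

Example: POST /questions

Rails expects a post request to be formatted as { question: { name: '', prompt: '', ..} }. On the front end: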

// bad
$http.post('/questions.json', { name: 'Question 1', prompt: 'Bears eat beets?' })

// good
$http.post('/questions.json', { question: { name: 'Question 1', prompt: '...' } })

Back end:

# app/controllers/questions_controller.rb
def question_params
  # bad - logs 'Unpermitted parameter: format'
  params.permit(:name, :prompt)

  # good
  params.require(:question).permit(:name, :prompt)
end

Example: GET /questions/:id

My mistake was again on the back end. For example:

# app/controllers/questions_controller.rb
def show
  # bad - logs 'Unpermitted parameter: format'
  question = Question.where(params.permit(:id)).first
  
  # good
  question = Question.find(params.require(:id))
  render json: question
end

Answer 2 (score: -2)

<%= link_to "Questinons", questions_path(format: "json") %>