未允许的参数:rails中的user_id错误

时间:2017-05-10 08:58:21

标签: ruby-on-rails ruby devise

我在rails应用程序中使用devise进行身份验证一切正常,但我有一个帖子模型,并且在我尝试创建新帖子后注册后显示错误:

1 error prohibited this post from being saved:
User must exist

我看了看终端并得到了这个:

Unpermitted parameter: user_id
   (0.0ms)  begin transaction
   (0.0ms)  rollback transaction

我尝试添加用户控制器 的 users_controller.rb 

class UsersController < ApplicationController
  before_action :authenticate_user!
  before_action :set_user
  before_action :check_ownership, only: [:edit, :update]
  respond_to :html, :js

# GET /users
      # GET /users.json
      def index
        @users = User.all
      end

      # GET /users/1
      # GET /users/1.json
      def show
      end

      # GET /users/new
      def new
        @user = User.new
      end

      # GET /users/1/edit
      def edit
      end

      # POST /users
      # POST /users.json
      def create
        @user = User.new(user_params)

        respond_to do |format|
          if @user.save
            format.html { redirect_to @user, notice: 'User was successfully created.' }
            format.json { render action: 'show', status: :created, location: @user }
          else
            format.html { render action: 'new' }
            format.json { render json: @user.errors, status: :unprocessable_entity }
          end
        end
      end

      # PATCH/PUT /users/1
      # PATCH/PUT /users/1.json
      def update
        respond_to do |format|
          if @user.update(user_params)
            format.html { redirect_to @user, notice: 'User was successfully updated.' }
            format.json { head :no_content }
          else
            format.html { render action: 'edit' }
            format.json { render json: @user.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /users/1
      # DELETE /users/1.json
      def destroy
        @user.destroy
        respond_to do |format|
          format.html { redirect_to users_url }
          format.json { head :no_content }
        end
      end

      private
        # Use callbacks to share common setup or constraints between actions.
        def set_user
          @user = User.find(params[:id])
        end

        # Never trust parameters from the scary internet, only allow the white list through.
        def user_params
          params.require(:user).permit(:name, :email)
        end
    end

my posts_controler.rb 

class PostsController < ApplicationController
  before_action :authenticate_user!, :except => [:show, :index]
  before_action :set_post, only: [:show, :edit, :update, :destroy]

  # GET /posts
  # GET /posts.json
  def index
    @posts = Post.all
  end

  # GET /posts/1
  # GET /posts/1.json
  def show
  end

  # GET /posts/new
  def new
    @post = Post.new
  end

  # GET /posts/1/edit
  def edit
  end

  # POST /posts
  # POST /posts.json
  def create
    @post = Post.new(post_params)

    respond_to do |format|
      if @post.save
        format.html { redirect_to @post, notice: 'Post was successfully created.' }
        format.json { render :show, status: :created, location: @post }
      else
        format.html { render :new }
        format.json { render json: @post.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /posts/1
  # PATCH/PUT /posts/1.json
  def update
    respond_to do |format|
      if @post.update(post_params)
        format.html { redirect_to @post, notice: 'Post was successfully updated.' }
        format.json { render :show, status: :ok, location: @post }
      else
        format.html { render :edit }
        format.json { render json: @post.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /posts/1
  # DELETE /posts/1.json
  def destroy
    @post.destroy
    respond_to do |format|
      format.html { redirect_to posts_url, notice: 'Post was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_post
      @post = Post.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def post_params
      params.require(:post).permit(:tittle, :body)
    end
end

我的用户模型 

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

         has_many :posts
end

我的帖子模型 

class Post < ApplicationRecord
    belongs_to :user
end

我还通过此迁移向用户添加了user_id:

class AddUseridToPost < ActiveRecord::Migration[5.0]
  def change
    add_column :posts, :user_id, :integer
  end
end

2 个答案:

答案 0 :(得分:2)

如错误所示,允许user_id如下

def post_params
  params.require(:post).permit(:tittle, :body, :user_id)
end

或者,更好的方法是为post_in用户生成一个新帖子,如post post:

def create
  @post = current_user.posts.new(post_params)
  # ...other logic
end

这样,您也不需要允许user_id,它将确保参数不会被篡改..

答案 1 :(得分:0)

如果在模型中添加列,则应将其添加到允许的参数中。因此,在:user_id中允许的参数中添加posts_controller

def post_params
  params.require(:post).permit(:tittle, :body, :user_id)
end
相关问题
最新问题