Ruby on rails 3 Rails 3功能测试:Can';t质量分配受保护的属性:控制器、操作
在Rails3项目中对我的控制器代码运行功能测试时,我有一个致命错误;Ruby on rails 3 Rails 3功能测试:Can';t质量分配受保护的属性:控制器、操作,ruby-on-rails-3,testing,activerecord,functional-testing,Ruby On Rails 3,Testing,Activerecord,Functional Testing,在Rails3项目中对我的控制器代码运行功能测试时,我有一个致命错误;params变量包含controller和action,ActiveModel对此不满意: ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: controller, action /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/l
params
变量包含controller
和action
,ActiveModel对此不满意:
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: controller, action
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security.rb:228:in `sanitize_for_mass_assignment'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.2.1/lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
/Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.2.1/lib/active_record/base.rb:495:in `initialize'
/Users/phooze/Documents/rails-app/app/controllers/credentials_controller.rb:40:in `new'
应用程序调用“new”方法(发生错误的地方),代码为:
# Credential#create (POST)
def create
@credential = Credential.new(params)
# ... controller continues
end
最后,我的测试用例:
test "should create credential" do
assert_difference('Credential.count', 1) do
post :create, { :fid => "foobarbaz", :credentials_hash => "f00ba7f00ba7", :uid => "10023", :cid => "342" }
end
assert_response :created
end
将控制器代码更改为仅包含fid、凭据、uid和cid的“单独”参数散列可以使其正常工作。我很确定Rails是想表现得“好”,并为我提供额外的测试值,但它似乎造成了问题
关于如何解决此问题的任何建议?看起来您已经设置了
config.active\u record.mass\u assignment\u sanitizer=:strict
仅在测试环境中,而不是在开发或生产环境中,因为在任何环境中,params
始终包含controller
和action
我认为这里的最佳实践建议是始终为使用
form_,这样您就可以在params[:credential]
中获得凭证,或者确实可以使用params.slice(:fid,:uid等)
谢谢。我不使用params[:credential]的原因是它是一个Web API调用(在我的控制器中没有“新”方法)——并且一些参数是查询字符串,所以“credential[uid]”在查询字符串上不是不合理的。。。但不是我想做的第一件事:)