Ruby on rails Rails3中的强属性异常。不知道是什么引起的
这件事已经纠缠了好几天了。任何帮助都将不胜感激。我有一个表单,它向创建控制器发送艺术家名称。“创建”控制器使用名称创建艺术家,将用户指定给该艺术家,并创建艺术家布局。我想我已经为强params gem添加了正确的白名单,但是我得到了下面的错误 错误:Ruby on rails Rails3中的强属性异常。不知道是什么引起的,ruby-on-rails,ruby,ruby-on-rails-3,strong-parameters,Ruby On Rails,Ruby,Ruby On Rails 3,Strong Parameters,这件事已经纠缠了好几天了。任何帮助都将不胜感激。我有一个表单,它向创建控制器发送艺术家名称。“创建”控制器使用名称创建艺术家,将用户指定给该艺术家,并创建艺术家布局。我想我已经为强params gem添加了正确的白名单,但是我得到了下面的错误 错误: ActiveModel::ForbiddenAttributes in ArtistsController#create ActiveModel::ForbiddenAttributes Rails.root: /sites/music3 Ap
ActiveModel::ForbiddenAttributes in ArtistsController#create
ActiveModel::ForbiddenAttributes
Rails.root: /sites/music3
Application Trace | Framework Trace | Full Trace
Request
Parameters:
{"utf8"=>"✓",
"authenticity_token"=>"xxxxxxxxxxxxxxxxxxxxxx",
"artist"=>{"name"=>"kkkk"},
"commit"=>"Create Artist"}
Show session dump
Show env dump
Response
Headers:
控制器
def create
@artist = Artist.new(artist_create_params)
#assigns User
@user = current_user
@artist.users << @user
@form = render_to_string('artists/_form',:layout => false)
#creates and assigns layout
@artist.profile_layout = ProfileLayout.new
respond_to do |format|
if @artist.update_attributes(artist_create_params)
format.html { redirect_to(edit_artist_path(@artist.url_slug)) }
format.xml { render :xml => @artist, :status => :created, :location => @artist }
else
format.html { render :action => "new" }
format.xml { render :xml => @artist.errors, :status => :unprocessable_entity }
end
end
end
def artist_create_params
#Using `strong_parameters` gem
params.required(:commit).permit!
params.required(:artist).permit!
end
改为
def artist_create_params
# NOTE: Using `strong_parameters` gem
params.require(:artist).permit(:name)
end
仍然得到上面的错误。不显示发生错误的行。见下文
Started POST "/artists" for 127.0.0.1 at 2014-06-04 19:10:27 -0400
Processing by ArtistsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"xxxxxxxxxxxxx", "artist"=>{"name"=>"ffasdf"}, "commit"=>"Create Artist"}
Completed 500 Internal Server Error in 8ms
ActiveModel::ForbiddenAttributes (ActiveModel::ForbiddenAttributes):
strong_parameters (0.2.3) lib/active_model/forbidden_attributes_protection.rb:11:in `sanitize_for_mass_assignment'
activerecord (3.2.11) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
activerecord (3.2.11) lib/active_record/base.rb:497:in `initialize'
cancan (1.6.8) lib/cancan/controller_resource.rb:85:in `new'
cancan (1.6.8) lib/cancan/controller_resource.rb:85:in `build_resource'
cancan (1.6.8) lib/cancan/controller_resource.rb:66:in `load_resource_instance'
cancan (1.6.8) lib/cancan/controller_resource.rb:32:in `load_resource'
cancan (1.6.8) lib/cancan/controller_resource.rb:25:in `load_and_authorize_resource'
cancan (1.6.8) lib/cancan/controller_resource.rb:10:in `block in add_before_filter'
activesupport (3.2.11) lib/active_support/callbacks.rb:440:in `_run__3264816457187544022__process_action__2854128236876807797__callbacks'
activesupport (3.2.11) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.11) lib/active_support/callbacks.rb:385:in `_run_process_action_callbacks'
activesupport (3.2.11) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.11) lib/abstract_controller/callbacks.rb:17:in `process_action'
actionpack (3.2.11) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (3.2.11) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
activesupport (3.2.11) lib/active_support/notifications.rb:123:in `block in instrument'
activesupport (3.2.11) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (3.2.11) lib/active_support/notifications.rb:123:in `instrument'
actionpack (3.2.11) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
actionpack (3.2.11) lib/action_controller/metal/params_wrapper.rb:207:in `process_action'
activerecord (3.2.11) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (3.2.11) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.2.11) lib/abstract_controller/rendering.rb:45:in `process'
actionpack (3.2.11) lib/action_controller/metal.rb:203:in `dispatch'
actionpack (3.2.11) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
actionpack (3.2.11) lib/action_controller/metal.rb:246:in `block in action'
actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:73:in `call'
actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:36:in `call'
journey (1.0.4) lib/journey/router.rb:68:in `block in call'
journey (1.0.4) lib/journey/router.rb:56:in `each'
journey (1.0.4) lib/journey/router.rb:56:in `call'
actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:601:in `call'
warden (1.2.1) lib/warden/manager.rb:35:in `block in call'
warden (1.2.1) lib/warden/manager.rb:34:in `catch'
warden (1.2.1) lib/warden/manager.rb:34:in `call'
client_side_validations (3.2.5) lib/client_side_validations/middleware.rb:21:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
rack (1.4.3) lib/rack/etag.rb:23:in `call'
rack (1.4.3) lib/rack/conditionalget.rb:35:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/flash.rb:242:in `call'
rack (1.4.3) lib/rack/session/abstract/id.rb:210:in `context'
rack (1.4.3) lib/rack/session/abstract/id.rb:205:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/cookies.rb:341:in `call'
activerecord (3.2.11) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.2.11) lib/active_record/connection_adapters/abstract/connection_pool.rb:479:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (3.2.11) lib/active_support/callbacks.rb:405:in `_run__1232201288606729007__call__1474813276301895872__callbacks'
activesupport (3.2.11) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.11) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
activesupport (3.2.11) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.11) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/reloader.rb:65:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
railties (3.2.11) lib/rails/rack/logger.rb:32:in `call_app'
railties (3.2.11) lib/rails/rack/logger.rb:18:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/request_id.rb:22:in `call'
rack (1.4.3) lib/rack/methodoverride.rb:21:in `call'
rack (1.4.3) lib/rack/runtime.rb:17:in `call'
activesupport (3.2.11) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.4.3) lib/rack/lock.rb:15:in `call'
actionpack (3.2.11) lib/action_dispatch/middleware/static.rb:62:in `call'
railties (3.2.11) lib/rails/engine.rb:479:in `call'
railties (3.2.11) lib/rails/application.rb:223:in `call'
rack (1.4.3) lib/rack/content_length.rb:14:in `call'
railties (3.2.11) lib/rails/rack/log_tailer.rb:17:in `call'
rack (1.4.3) lib/rack/handler/webrick.rb:59:in `service'
/Users/therealtedkennedy/.rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service'
/Users/therealtedkennedy/.rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run'
/Users/therealtedkennedy/.rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread'
您不需要允许
:commit
参数,因为您没有尝试将它们批量分配给任何对象。只需使用:
params.require(:artist).permit!
或者更好:
params.require(:artist).permit(:name)
这就是说,我很惊讶你会收到你说的错误,所以请修复它并报告回来。根据堆栈跟踪,触发错误的赋值似乎来自cancan,而不是来自设置艺术家的姓名。尝试暂时禁用使用cancan的before_筛选器,看看这是否解决了问题。如果确实如此,那么您需要重新启用它,深入研究cancan并找出如何使用强_参数使其很好地发挥作用。我自己不使用它,但我认为Rails4有一个称为cancancan的分支,它可能也适用于Rails3.2和strong_参数
与您眼前的问题无关,但您可能还应该考虑升级到Rails3.2.x系列的最新版本,以获得他们发布的不同安全修复 跳过cancan授权会破坏拥有cancan的目的 这就是我所做的: 切换到 根据坎坎坎文件: 本回购协议是已死的CanCan项目的延续。我们的任务是通过维护修复和新功能,使CanCan保持活力并向前发展 CanCanCan还支持开箱即用的强参数 为
创建参数
或更新参数
创建私有方法
根据文档,在控制器中创建私有方法以处理属性权限:
private
def create_params
params.require(:speaking_lesson).permit(:name, :description, exercises_attributes: [:text])
end
然后,您可以在create
方法中访问新模型的实例以供使用:
def create
# @speaking_lesson is automatically created by CanCanCan during load_and_authorize_resource
@speaking_lesson.user_id = current_user.id
... do other stuff ...
end
将此行(
params.required(:commit).permit!params.required(:artist).permit!
)更改为params.require(:artist).permit(:artist)
,然后在堆栈跟踪中重试一次,哪一行触发了错误?@sockman未说明(请参见上文)。不过,我可能遗漏了一些内容。@anusha尝试按照您的建议进行更改,但仍然没有成功。@TheAltedKennedy您是否在您的模型中包含了这一行include-ActiveModel::BanbiddenAttributesProtection
。一旦将其更改为params,请检查此链接。require(:artist)。允许!和上面一样的错误。我真的被这个难住了。谢谢!这很有帮助。我在创建时添加了跳过cancan<代码>加载和授权资源跳过加载和授权资源:仅=>[:创建]
def create
# @speaking_lesson is automatically created by CanCanCan during load_and_authorize_resource
@speaking_lesson.user_id = current_user.id
... do other stuff ...
end