Ruby on rails Rails3中的强属性异常。不知道是什么引起的_Ruby On Rails_Ruby_Ruby On Rails 3_Strong Parameters

Ruby on rails Rails3中的强属性异常。不知道是什么引起的

ruby-on-rails ruby ruby-on-rails-3

Ruby on rails Rails3中的强属性异常。不知道是什么引起的,ruby-on-rails,ruby,ruby-on-rails-3,strong-parameters,Ruby On Rails,Ruby,Ruby On Rails 3,Strong Parameters,这件事已经纠缠了好几天了。任何帮助都将不胜感激。我有一个表单，它向创建控制器发送艺术家名称。“创建”控制器使用名称创建艺术家，将用户指定给该艺术家，并创建艺术家布局。我想我已经为强params gem添加了正确的白名单，但是我得到了下面的错误错误： ActiveModel::ForbiddenAttributes in ArtistsController#create ActiveModel::ForbiddenAttributes Rails.root: /sites/music3 Ap

这件事已经纠缠了好几天了。任何帮助都将不胜感激。我有一个表单，它向创建控制器发送艺术家名称。“创建”控制器使用名称创建艺术家，将用户指定给该艺术家，并创建艺术家布局。我想我已经为强params gem添加了正确的白名单，但是我得到了下面的错误

错误：

ActiveModel::ForbiddenAttributes in ArtistsController#create

ActiveModel::ForbiddenAttributes
Rails.root: /sites/music3

Application Trace | Framework Trace | Full Trace
Request

Parameters:

{"utf8"=>"✓",
 "authenticity_token"=>"xxxxxxxxxxxxxxxxxxxxxx",
 "artist"=>{"name"=>"kkkk"},
 "commit"=>"Create Artist"}
Show session dump

Show env dump

Response

Headers:

控制器

def create

@artist = Artist.new(artist_create_params)
#assigns User

@user = current_user
@artist.users << @user

@form = render_to_string('artists/_form',:layout => false)

#creates and assigns layout
@artist.profile_layout = ProfileLayout.new

respond_to do |format|
  if @artist.update_attributes(artist_create_params)
    format.html { redirect_to(edit_artist_path(@artist.url_slug)) }
    format.xml { render :xml => @artist, :status => :created, :location => @artist }

  else
    format.html { render :action => "new" }
    format.xml { render :xml => @artist.errors, :status => :unprocessable_entity }
  end
end
end

def artist_create_params
   #Using `strong_parameters` gem
   params.required(:commit).permit!
   params.required(:artist).permit!

end

改为

def artist_create_params
  # NOTE: Using `strong_parameters` gem

    params.require(:artist).permit(:name)

end

仍然得到上面的错误。不显示发生错误的行。见下文

Started POST "/artists" for 127.0.0.1 at 2014-06-04 19:10:27 -0400

Processing by ArtistsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"xxxxxxxxxxxxx", "artist"=>{"name"=>"ffasdf"}, "commit"=>"Create Artist"}
Completed 500 Internal Server Error in 8ms

ActiveModel::ForbiddenAttributes (ActiveModel::ForbiddenAttributes):
  strong_parameters (0.2.3) lib/active_model/forbidden_attributes_protection.rb:11:in `sanitize_for_mass_assignment'
  activerecord (3.2.11) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
  activerecord (3.2.11) lib/active_record/base.rb:497:in `initialize'
  cancan (1.6.8) lib/cancan/controller_resource.rb:85:in `new'
  cancan (1.6.8) lib/cancan/controller_resource.rb:85:in `build_resource'
  cancan (1.6.8) lib/cancan/controller_resource.rb:66:in `load_resource_instance'
  cancan (1.6.8) lib/cancan/controller_resource.rb:32:in `load_resource'
  cancan (1.6.8) lib/cancan/controller_resource.rb:25:in `load_and_authorize_resource'
  cancan (1.6.8) lib/cancan/controller_resource.rb:10:in `block in add_before_filter'
  activesupport (3.2.11) lib/active_support/callbacks.rb:440:in `_run__3264816457187544022__process_action__2854128236876807797__callbacks'
  activesupport (3.2.11) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.11) lib/active_support/callbacks.rb:385:in `_run_process_action_callbacks'
  activesupport (3.2.11) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.11) lib/abstract_controller/callbacks.rb:17:in `process_action'
  actionpack (3.2.11) lib/action_controller/metal/rescue.rb:29:in `process_action'
  actionpack (3.2.11) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
  activesupport (3.2.11) lib/active_support/notifications.rb:123:in `block in instrument'
  activesupport (3.2.11) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
  activesupport (3.2.11) lib/active_support/notifications.rb:123:in `instrument'
  actionpack (3.2.11) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
  actionpack (3.2.11) lib/action_controller/metal/params_wrapper.rb:207:in `process_action'
  activerecord (3.2.11) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (3.2.11) lib/abstract_controller/base.rb:121:in `process'
  actionpack (3.2.11) lib/abstract_controller/rendering.rb:45:in `process'
  actionpack (3.2.11) lib/action_controller/metal.rb:203:in `dispatch'
  actionpack (3.2.11) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
  actionpack (3.2.11) lib/action_controller/metal.rb:246:in `block in action'
  actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:73:in `call'
  actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
  actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:36:in `call'
  journey (1.0.4) lib/journey/router.rb:68:in `block in call'
  journey (1.0.4) lib/journey/router.rb:56:in `each'
  journey (1.0.4) lib/journey/router.rb:56:in `call'
  actionpack (3.2.11) lib/action_dispatch/routing/route_set.rb:601:in `call'
  warden (1.2.1) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.1) lib/warden/manager.rb:34:in `catch'
  warden (1.2.1) lib/warden/manager.rb:34:in `call'
  client_side_validations (3.2.5) lib/client_side_validations/middleware.rb:21:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.3) lib/rack/etag.rb:23:in `call'
  rack (1.4.3) lib/rack/conditionalget.rb:35:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.3) lib/rack/session/abstract/id.rb:210:in `context'
  rack (1.4.3) lib/rack/session/abstract/id.rb:205:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/cookies.rb:341:in `call'
  activerecord (3.2.11) lib/active_record/query_cache.rb:64:in `call'
  activerecord (3.2.11) lib/active_record/connection_adapters/abstract/connection_pool.rb:479:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.11) lib/active_support/callbacks.rb:405:in `_run__1232201288606729007__call__1474813276301895872__callbacks'
  activesupport (3.2.11) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.11) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.11) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.11) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/reloader.rb:65:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.11) lib/rails/rack/logger.rb:32:in `call_app'
  railties (3.2.11) lib/rails/rack/logger.rb:18:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.3) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.3) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.11) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.3) lib/rack/lock.rb:15:in `call'
  actionpack (3.2.11) lib/action_dispatch/middleware/static.rb:62:in `call'
  railties (3.2.11) lib/rails/engine.rb:479:in `call'
  railties (3.2.11) lib/rails/application.rb:223:in `call'
  rack (1.4.3) lib/rack/content_length.rb:14:in `call'
  railties (3.2.11) lib/rails/rack/log_tailer.rb:17:in `call'
  rack (1.4.3) lib/rack/handler/webrick.rb:59:in `service'
  /Users/therealtedkennedy/.rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service'
  /Users/therealtedkennedy/.rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run'
  /Users/therealtedkennedy/.rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread'

您不需要允许

：commit

参数，因为您没有尝试将它们批量分配给任何对象。只需使用：

params.require(:artist).permit!

或者更好：

params.require(:artist).permit(:name)

这就是说，我很惊讶你会收到你说的错误，所以请修复它并报告回来。

根据堆栈跟踪，触发错误的赋值似乎来自cancan，而不是来自设置艺术家的姓名。尝试暂时禁用使用cancan的before_筛选器，看看这是否解决了问题。如果确实如此，那么您需要重新启用它，深入研究cancan并找出如何使用强_参数使其很好地发挥作用。我自己不使用它，但我认为Rails4有一个称为cancancan的分支，它可能也适用于Rails3.2和strong_参数

与您眼前的问题无关，但您可能还应该考虑升级到Rails3.2.x系列的最新版本，以获得他们发布的不同安全修复

跳过cancan授权会破坏拥有cancan的目的

这就是我所做的：

切换到

根据坎坎坎文件：

本回购协议是已死的CanCan项目的延续。我们的任务是通过维护修复和新功能，使CanCan保持活力并向前发展

CanCanCan还支持开箱即用的强参数

为
创建参数
或
更新参数
创建私有方法

根据文档，在控制器中创建私有方法以处理属性权限：

private

def create_params
  params.require(:speaking_lesson).permit(:name, :description, exercises_attributes: [:text])
end

然后，您可以在

create

方法中访问新模型的实例以供使用：

def create
  # @speaking_lesson is automatically created by CanCanCan during load_and_authorize_resource
  @speaking_lesson.user_id = current_user.id

  ... do other stuff ...
end

将此行（

params.required（：commit）.permit！params.required（：artist）.permit！

）更改为

params.require（：artist）.permit（：artist）

，然后在堆栈跟踪中重试一次，哪一行触发了错误？@sockman未说明（请参见上文）。不过，我可能遗漏了一些内容。@anusha尝试按照您的建议进行更改，但仍然没有成功。@TheAltedKennedy您是否在您的模型中包含了这一行

include-ActiveModel:：BanbiddenAttributesProtection

。一旦将其更改为params，请检查此链接。require（：artist）。允许！和上面一样的错误。我真的被这个难住了。谢谢！这很有帮助。我在创建时添加了跳过cancan<代码>加载和授权资源跳过加载和授权资源：仅=>[：创建]

def create
  # @speaking_lesson is automatically created by CanCanCan during load_and_authorize_resource
  @speaking_lesson.user_id = current_user.id

  ... do other stuff ...
end