Rails 4 ForbiddenAttributesError - 嵌套資源

Question

我在我的Rails 4應用程序中遇到了「ForbiddenAttributesError」。我在這裏錯過了什麼？

另外問題是，爲什麼「examination_id」參數沒有發送到請求？

請求

Started POST "/examinations/1/participations" for 127.0.0.1 at 2014-03-26 10:47:01 +0200 
Processing by ParticipationsController#create as HTML 
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"EuGZIXKJE9a1It6Ema5t+g07vXngQoqPMV5qQBfekfg=", "participation"=>{"user_id"=>"1", "examination_id"=>"", "language_preference"=>"İngilizce", "exam_center_preference"=>"1", "disability"=>"0"}, "commit"=>"Sınava Başvur", "examination_id"=>"1"} 
    User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 ORDER BY "users"."id" ASC LIMIT 1 
    Examination Load (0.2ms) SELECT "examinations".* FROM "examinations" WHERE "examinations"."id" = ? LIMIT 1 [["id", "1"]] 
Completed 500 Internal Server Error in 5ms 

ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError): 
app/controllers/participations_controller.rb:37:in `create' 

的routes.rb

resources :examinations do 
    resources :participations 
end 

Participation.rb

class Participation < ActiveRecord::Base 
    belongs_to :user 
    belongs_to :examination 
end 

Examination.rb

class Examination < ActiveRecord::Base 
    has_many :participations 
    has_many :users, :through => :participations 
    has_many :exam_fees, dependent: :destroy 
    has_many :exam_languages, dependent: :destroy 
end 

participations_controller.rb

#encoding: utf-8 

class ParticipationsController < ApplicationController 

    before_filter :authenticate_user! 
    before_action :set_participation, only: [:show, :edit, :update, :destroy] 
    before_filter :get_examination 

    def get_examination 
    @examination = Examination.find(params[:examination_id]) 
    end 

    # GET /participations 
    # GET /participations.json 
    def index 
    @participations = @examination.participations 
    end 

    # GET /participations/1 
    # GET /participations/1.json 
    def show 
    @participation = @examination.participations.find(params[:id]) 
    end 

    # GET /participations/new 
    def new 
    @participation = Participation.new 
    end 

    # GET /participations/1/edit 
    def edit 
    end 

    # POST /participations 
    # POST /participations.json 
    def create 
    @participation = @examination.participations.new(params[:participation]) 
    @participation.user = current_user 

    respond_to do |format| 
     if @participation.save 
     redirect_to @examination 
     format.html { redirect_to [@examination, @participation], notice: 'Sınav Katılımınız Oluşturuldu!' } 
     format.json { render action: 'show', status: :created, location: [@examination, @participation] } 
     else 
     render 'new' 
     format.html { render action: 'new' } 
     format.json { render json: @participation.errors, status: :unprocessable_entity } 
     end 
    end 
    end 

    # PATCH/PUT /participations/1 
    # PATCH/PUT /participations/1.json 
    def update 
    respond_to do |format| 
     if @participation.update(participation_params) 
     format.html { redirect_to [@examination, @participation], notice: 'Sınav Katılımını Güncellendi!' } 
     format.json { head :no_content } 
     else 
     format.html { render action: 'edit' } 
     format.json { render json: @participation.errors, status: :unprocessable_entity } 
     end 
    end 
    end 

    private 
    # Use callbacks to share common setup or constraints between actions. 
    def set_participation 
     @participation = Participation.find(params[:id]) 
    end 

    # Never trust parameters from the scary internet, only allow the white list through. 
    def participation_params 
     params.require(:participation).permit(:user_id, :examination_id, :payment_status, :language_preference, :exam_center_preference, :disability) 
    end 
end 

/views/participations/_form.html.erb

<%= simple_form_for([@examination, @participation]) do |f| %> 
    <%= f.error_notification %> 

    <fieldset> 
    <legend>Sınav Katılımı</legend> 
    <%= f.input :user_id, :as => :hidden, :input_html => { :value => current_user.id } %> 
    <%= f.input :examination_id, as: :hidden %> 
    <%= f.input :language_preference, collection: ["Türkçe", "İngilizce", "Rusça"], label: 'Sınav Dili Tercihi' %> 
    <%= f.input :exam_center_preference, collection:ExamCenter.all, label_method: :city, as: :select, label: 'Sınav Merkezi Tercihi' %> 
    <%= f.input :disability, inline_label: 'Yardımcı İstiyorum', label: false %> 
    <%= f.button :submit, "Sınava Başvur" %> 
    </fieldset> 
<% end %> 

Answer 1

爲了分配在導軌參數4對象，你應該使用強大的參數'語法'在你的實現participation_params方法，而不是直接傳遞參數。因此，改變行：

@participation = @examination.participations.new(params[:participation]) 

到：

@participation = @examination.participations.new(participation_params) 

既然你通過創建您的關聯記錄Participation，你並不需要在此控制器examination_id PARAM。更重要的是，如果您允許使用此參數，則可以輕鬆地將Participation分配給Examination，而不是從您創建的上下文Participation中進行分配，我認爲這是我們所期望的。所以我想你應該從你的表格和participation_params方法中刪除examination_id。