Rails 5未經允許的參數：組織

Question

我在爲我的用戶提交註冊表單時收到錯誤Unpermitted parameter: organization。我正在使用「auth從頭開始」變體，而不是設計。這裏是我的代碼：

user.rb

class User < ApplicationRecord 
    belongs_to :organization 
    has_secure_password 
end 

organization.rb

class Organization < ApplicationRecord 
    has_many :users 
    has_many :tasks 
    accepts_nested_attributes_for :users 
end 

users_controller.rb

class UsersController < ApplicationController 
    def new 
    @user = User.new 
    @organization = Organization.new 
    end 

    def create 
    @user = User.new(user_params) 
    @user.build_organization(user_params[:organization_attributes]) 
    if @user.save 
     session[:user_id] = @user.id 
     redirect_to root_url, notice: "Thank you for signing up!" 
    else 
     render "new" 
    end 
    end 

    private 
    # Use callbacks to share common setup or constraints between actions. 
    def set_user 
     @user = User.find(params[:id]) 
    end 

    # Never trust parameters from the scary internet, only allow the white list through. 
    def user_params 
     params.require(:user).permit(:email, :password, :password_confirmation, :admin, 
     organization_attributes: :name) 
    end 
end 

new.html.erb

<h1>Sign Up</h1> 

<%= form_for @user do |f| %> 
    <% if @user.errors.any? %> 
    <div class="error_messages"> 
     <h2>Form is invalid</h2> 
     <ul> 
     <% @user.errors.full_messages.each do |message| %> 
      <li><%= message %></li> 
     <% end %> 
     </ul> 
    </div> 
    <% end %> 

    <div class="field"> 
    <%= f.label :email %><br /> 
    <%= f.text_field :email %> 
    </div> 
    <div class="field"> 
    <%= f.fields_for :organization do |org| %> 
    <%= 'Organization or Company Name' %><br /> 
    <%= org.text_field :name %> 
    <% end %> 
    </div> 
    <div class="field"> 
    <%= f.label :password %><br /> 
    <%= f.password_field :password %> 
    </div> 
    <div class="field"> 
    <%= f.label :password_confirmation %><br /> 
    <%= f.password_field :password_confirmation %> 
    </div> 
    <div class="field"> 
    <%= f.label :admin %><br /> 
    <%= f.check_box :admin %> 
    </div> 
    <div class="actions"><%= f.submit "Sign Up" %></div> 
<% end %> 

這裏是一個在提交控制檯偷看......

Processing by UsersController#create as HTML 
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"lhzxsTF43PiGKwMXly/fufGoVNEMUgqymwtMkhCkNtmolArIqbUjuo/qxYUVpFxIfaB4qVV2sumDqa5O2ggLbA==", "user"=>{"email"=>"myuser@user.com", "organization"=>{"name"=>"myOrg"}, "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "admin"=>"0"}, "commit"=>"Sign Up"} 
Unpermitted parameter: organization 
Unpermitted parameter: organization 
    (0.1ms) begin transaction 
    SQL (0.3ms) INSERT INTO "organizations" ("created_at", "updated_at") VALUES (?, ?) [["created_at", 2016-07-25 15:39:56 UTC], ["updated_at", 2016-07-25 15:39:56 UTC]] 
    SQL (0.1ms) INSERT INTO "users" ("email", "password_digest", "organization_id", "created_at", "updated_at") VALUES (?, ?, ?, ?, ?) [["email", "myuser@user.com"], ["password_digest", "$2a$10$MEEXO6bU9FGwMv3WOvdYheL.1iGhx4eeDVo67qp.OPmh1BJHs0z0G"], ["organization_id", 10], ["created_at", 2016-07-25 15:39:56 UTC], ["updated_at", 2016-07-25 15:39:56 UTC]] 
    (0.7ms) commit transaction 
Redirected to http://localhost:3000/ 
Completed 302 Found in 64ms (ActiveRecord: 1.1ms) 

我認爲，問題的根源是organization"=>{"name"=>"myOrg"}的參數提交時，它應該是organization_attributes呢？

Answer 1

你的猜測是正確的，但還有其他一些問題。

1. 正如您所提到的，將strong_params選項更改爲organization_attributes。
2. 向後有accepts_nested_attributes。由於您使用user_params創建用戶，因此您的用戶模型需要accepts_nested_attributes :organization，而組織不需要它（除非您在其他地方使用它）。
3. 調整完模型後，您不需要通過@user.build_organization(user_params[:organization_attributes])明確構建組織。該行可以被刪除。

最後，我只想指出，您可能不希望允許admin標誌被傳遞，因爲這可能存在安全風險。顯然不知道你的應用，但只是想提到它。