1. 首頁
  2. 問答
  3. rails 4強參數ForbiddenAttributesError

rails 4強參數ForbiddenAttributesError

2013-11-22 115 views
4

我似乎無法找到問題。 在我聯繫:: CompetitionsController <的ApplicationController我做rails 4強參數ForbiddenAttributesError

def create 
     respond_to do |format| 
      if @competition.save(competition_params) 
       format.html { 
        flash[:success] = 'Success!' 
        redirect_to competition_path 
       } 
      else 
       format.html { 
        render :action => 'edit' 
       } 
      end 
     end 
    end 
def competition_params 
    params.require(:competition).permit(:name, :date, :sex, :category, :country_id, :description, :article, :result) 
end

我的遷移是這樣的:

create_table :competitions do |t| 
     t.string :name 
     t.date :date 
     t.integer :sex 
     t.integer :category 
     t.integer :country_id 
     t.string :article 
     t.string :result 
     t.string :description 
    end

這是我的表格:

<%= form_for [:admin, @competition], :html => {:class => "form"} do |f| %> 
    <div class="form-group"> 
     <%= f.label :name %> 
     <%= f.text_field :name, :class => 'form-control' %> 
    </div> 

    <div class="form-group"> 
     <%= f.label :date %> 
     <%= f.date_select :date, :class => 'form-control' %> 
    </div> 

    <div class="form-group"> 
     <%= f.label "Gender" %> 
     <%= f.select "sex", options_for_select(@sex), :class => 'form-control' %> 

     <%= f.label :category %> 
     <%= f.select "category", options_for_select(@category), :class => 'form-control' %> 
    </div> 
    <div class="form-group"> 
     <%= f.select :country_id, Country.all.collect { |country| [country.name, country.id] }, 
        { :prompt => "Select Country" } %> 
    </div> 

    <div class="form-group"> 
     <%= f.label :description %> 
     <%= f.text_area :description, :class => 'form-control', :rows=>5 %> 
    </div> 


    <div class="form-group"> 
     <%= f.label :article %> 
     <%= f.text_field :article, :class => 'form-control' %> 
    </div> 
    <div class="form-group"> 
     <%= f.label :result %> 
     <%= f.text_field :result, :class => 'form-control' %> 
    </div> 



    <%= f.submit :class=>'btn btn-primary' %> 
<% end %>

的請求參數,我得到:

{"utf8"=>"✓", 
"authenticity_token"=>"hFayDADwjR0ZfhKZfnHKbzJntwDrzHiZ/3H61LcJsEA=", 
"competition"=>{"name"=>"", 
"date(1i)"=>"2013", 
"date(2i)"=>"11", 
"date(3i)"=>"22", 
"sex"=>"1", 
"category"=>"1", 
"country_id"=>"", 
"description"=>"", 
"article"=>"", 
"result"=>""}, 
"commit"=>"Create Competition"}

每當我得到ActiveModel :: ForbiddenAttributesError。我試圖允許不同的參數沒有成功。我不知道該怎麼試。

完整的錯誤頁面:

ActiveModel::ForbiddenAttributesError in Admin::CompetitionsController#create 
ActiveModel::ForbiddenAttributesError 

Rails.root: /home/linux/RubymineProjects/Tabor 

Application Trace | Framework Trace | Full Trace 
activemodel (4.0.0) lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment' 
activerecord (4.0.0) lib/active_record/attribute_assignment.rb:21:in `assign_attributes' 
activerecord (4.0.0) lib/active_record/core.rb:192:in `initialize' 
activerecord (4.0.0) lib/active_record/inheritance.rb:27:in `new' 
activerecord (4.0.0) lib/active_record/inheritance.rb:27:in `new' 
cancan (1.6.10) lib/cancan/controller_resource.rb:85:in `build_resource' 
cancan (1.6.10) lib/cancan/controller_resource.rb:66:in `load_resource_instance' 
cancan (1.6.10) lib/cancan/controller_resource.rb:32:in `load_resource' 
cancan (1.6.10) lib/cancan/controller_resource.rb:25:in `load_and_authorize_resource' 
cancan (1.6.10) lib/cancan/controller_resource.rb:10:in `block in add_before_filter' 
activesupport (4.0.0) lib/active_support/callbacks.rb:447:in `_run__2070627161148806707__process_action__callbacks' 
activesupport (4.0.0) lib/active_support/callbacks.rb:80:in `run_callbacks' 
actionpack (4.0.0) lib/abstract_controller/callbacks.rb:17:in `process_action' 
actionpack (4.0.0) lib/action_controller/metal/rescue.rb:29:in `process_action' 
actionpack (4.0.0) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action' 
activesupport (4.0.0) lib/active_support/notifications.rb:159:in `block in instrument' 
activesupport (4.0.0) lib/active_support/notifications/instrumenter.rb:20:in `instrument' 
activesupport (4.0.0) lib/active_support/notifications.rb:159:in `instrument' 
actionpack (4.0.0) lib/action_controller/metal/instrumentation.rb:30:in `process_action' 
actionpack (4.0.0) lib/action_controller/metal/params_wrapper.rb:245:in `process_action' 
activerecord (4.0.0) lib/active_record/railties/controller_runtime.rb:18:in `process_action' 
actionpack (4.0.0) lib/abstract_controller/base.rb:136:in `process' 
actionpack (4.0.0) lib/abstract_controller/rendering.rb:44:in `process' 
actionpack (4.0.0) lib/action_controller/metal.rb:195:in `dispatch' 
actionpack (4.0.0) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch' 
actionpack (4.0.0) lib/action_controller/metal.rb:231:in `block in action' 
actionpack (4.0.0) lib/action_dispatch/routing/route_set.rb:80:in `call' 
actionpack (4.0.0) lib/action_dispatch/routing/route_set.rb:80:in `dispatch' 
actionpack (4.0.0) lib/action_dispatch/routing/route_set.rb:48:in `call' 
actionpack (4.0.0) lib/action_dispatch/journey/router.rb:71:in `block in call' 
actionpack (4.0.0) lib/action_dispatch/journey/router.rb:59:in `each' 
actionpack (4.0.0) lib/action_dispatch/journey/router.rb:59:in `call' 
actionpack (4.0.0) lib/action_dispatch/routing/route_set.rb:655:in `call' 
warden (1.2.3) lib/warden/manager.rb:35:in `block in call' 
warden (1.2.3) lib/warden/manager.rb:34:in `catch' 
warden (1.2.3) lib/warden/manager.rb:34:in `call' 
rack (1.5.2) lib/rack/etag.rb:23:in `call' 
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call' 
rack (1.5.2) lib/rack/head.rb:11:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/params_parser.rb:27:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/flash.rb:241:in `call' 
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context' 
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/cookies.rb:486:in `call' 
activerecord (4.0.0) lib/active_record/query_cache.rb:36:in `call' 
activerecord (4.0.0) lib/active_record/connection_adapters/abstract/connection_pool.rb:626:in `call' 
activerecord (4.0.0) lib/active_record/migration.rb:369:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call' 
activesupport (4.0.0) lib/active_support/callbacks.rb:373:in `_run__3850854791608649842__call__callbacks' 
activesupport (4.0.0) lib/active_support/callbacks.rb:80:in `run_callbacks' 
actionpack (4.0.0) lib/action_dispatch/middleware/callbacks.rb:27:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/reloader.rb:64:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/remote_ip.rb:76:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call' 
railties (4.0.0) lib/rails/rack/logger.rb:38:in `call_app' 
railties (4.0.0) lib/rails/rack/logger.rb:21:in `block in call' 
activesupport (4.0.0) lib/active_support/tagged_logging.rb:67:in `block in tagged' 
activesupport (4.0.0) lib/active_support/tagged_logging.rb:25:in `tagged' 
activesupport (4.0.0) lib/active_support/tagged_logging.rb:67:in `tagged' 
railties (4.0.0) lib/rails/rack/logger.rb:21:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/request_id.rb:21:in `call' 
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call' 
rack (1.5.2) lib/rack/runtime.rb:17:in `call' 
activesupport (4.0.0) lib/active_support/cache/strategy/local_cache.rb:83:in `call' 
rack (1.5.2) lib/rack/lock.rb:17:in `call' 
actionpack (4.0.0) lib/action_dispatch/middleware/static.rb:64:in `call' 
railties (4.0.0) lib/rails/engine.rb:511:in `call' 
railties (4.0.0) lib/rails/application.rb:97:in `call' 
rack (1.5.2) lib/rack/lock.rb:17:in `call' 
rack (1.5.2) lib/rack/content_length.rb:14:in `call' 
rack (1.5.2) lib/rack/handler/webrick.rb:60:in `service' 
/home/linux/.rvm/rubies/ruby-2.1.0-preview1/lib/ruby/2.1.0/webrick/httpserver.rb:138:in `service' 
/home/linux/.rvm/rubies/ruby-2.1.0-preview1/lib/ruby/2.1.0/webrick/httpserver.rb:94:in `run' 
/home/linux/.rvm/rubies/ruby-2.1.0-preview1/lib/ruby/2.1.0/webrick/server.rb:295:in `block in start_thread' 
Request 

Parameters: 

{"utf8"=>"✓", 
"authenticity_token"=>"N8DJKWtnMtunizyY4oGBuGNiL9UNIc63sM2PHWxpXtY=", 
"competition"=>{"name"=>"", 
"date(1i)"=>"2013", 
"date(2i)"=>"11", 
"date(3i)"=>"22", 
"sex"=>"1", 
"category"=>"1", 
"country_id"=>"", 
"description"=>"", 
"article"=>"", 
"result"=>""}, 
"commit"=>"Create Competition"} 

Toggle session dump 
_csrf_token: "N8DJKWtnMtunizyY4oGBuGNiL9UNIc63sM2PHWxpXtY=" 
session_id: "116666f7d0e5494da6a99d481c7e8cc8" 
warden.user.user.key: [[1], "$2a$10$oe41UVUa5llNALpv5gIeXu"] 

Toggle env dump 
GATEWAY_INTERFACE: "CGI/1.1" 
HTTP_ACCEPT: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" 
HTTP_ACCEPT_ENCODING: "gzip,deflate,sdch" 
HTTP_ACCEPT_LANGUAGE: "sl-SI,sl;q=0.8,en-GB;q=0.6,en;q=0.4" 
REMOTE_ADDR: "127.0.0.1" 
REMOTE_HOST: "127.0.0.1" 
SERVER_NAME: "0.0.0.0" 
SERVER_PROTOCOL: "HTTP/1.1"

來源

2013-11-22 user1116724

+3

你會注意到,該日期已被打破長達3個組成部分 - 這是可能是您的問題的來源... – PinnyM

+0

請在發生錯誤時發佈Web服務器的輸出。 – Beartech

+0

你在哪裏實例化@competition? – AndyV

回答

3

試着改變你的白名單來處理多部分日期參數:

def competition_params 
    params.require(:competition).permit(:name, :"date(1i)", :"date(2i)", :"date(3i)", :sex, :category, :country_id, :description, :article, :result) 
end

此外,此代碼看起來不正確:

if @competition.save(competition_params)

假設您已經有Competition實例分配給@competition - 你應該使用update_attributes

if @competition.update_attributes(competition_params)

否則,先爲其分配:

@competition = Competition.new(competition_params) 
if @competition.save

來源

2013-11-22 17:10:38 PinnyM

+0

我使用cancan中的load_and_authorize_resource,它使用before過濾器將資源加載到實例變量中併爲每個動作授權它,但是它應該是@ competition.save(without (competition_params))。它在我的其他控制器上工作得很好。我不知道你可以使用一個字符串作爲一個散列,遺憾的是它沒有奏效。 (我也嘗試過沒有load_and_authorize,並把@ competition = Competition.new(competition_params),正如你所建議的,但我仍然得到相同的錯誤 – user1116724

+0

@ user1116724:請發佈確切的錯誤消息(與堆棧跟蹤) – PinnyM

+0

添加錯誤頁的複製粘貼問題 – user1116724

2

這是通過慘慘嘗試將控制器代碼執行之前分配屬性造成的。您需要添加一個before_action來分配new_user,而不是在控制器操作中進行。

還要確保create_and_authorize_resourcebefore_action

詳情請參閱this question

來源

2014-02-24 23:10:33 Doug

+0

太棒了這對我有用。 –

0

上面的答案適用於我。以下是用於需要它的任何人的代碼示例。

class WhateversController < ApplicationController 
    before_action :cancan_rails4_hack 
    load_and_authorize_resource 

    def cancan_rails4_hack 
    @event = Event.new 
    end 
end

來源

2014-03-26 15:55:33

0

CanCan不能使用Rails4。改用CanCanCan。

默認情況下,康康舞將試圖淨化輸入:創建和 :更新的航線看,如果你的控制器將向 下面的方法應對(按順序):

CREATE_PARAMS或update_params(視在動作你是 進行)_params如article_params(這是在軌 默認慣例命名您的PARAM法) resource_params(你可以在每個 控制器指定一個一般命名法)此外,load_and_authorize_resource現在可以採取 param_method選項在控制器中指定一個自定義方法,以 運行以清理輸入。

我也做了移植,只是更換線的Gemfile:

gem 'cancancan', '~> 1.10'

鏈接在這裏:https://github.com/CanCanCommunity/cancancan

來源

2015-06-29 16:05:59

相關問題

 相關問題