1
我在這裏有一個小問題,我試圖使用嵌套屬性的窗體,我不斷收到一個未經許可的參數錯誤。這是user.rb文件中的代碼:爲什麼在使用嵌套窗體的Rails中出現未經許可的參數錯誤?
class User < ActiveRecord::Base
has_many :topics
has_many :subjects, through: :topics
end
這是subject.rb文件中的代碼:
class Subject < ActiveRecord::Base
has_many :topics
has_many :users, through: :topics, dependent: :destroy
accepts_nested_attributes_for :topics, reject_if: :all_blank, update_only: true,allow_destroy: true
validates :name, presence: true
end
這是topic.rb文件中的代碼:
class Topic < ActiveRecord::Base
belongs_to :subject
belongs_to :user
validates :name, presence: true
end
這是我的代碼subjects_controller.rb:
class SubjectsController < ApplicationController
before_filter :require_login
def new
@subject = current_user.subjects.build
@subject.topics.build
end
def create
@subject = current_user.subjects.build(subject_params)
if @subject.save
flash[:success] = "New subject created!"
redirect_to user_path(@user)
else
flash[:error] = "Errors!!!"
render :new
end
end
private
def subject_params
params.require(:subject).permit(:name, topics_attributes: [:name,:user_id,:subject_id])
end
end
這是我認爲的代碼創建窗體:
<%= form_for @subject do |f| %>
<%= f.label :name, "Subject" %><br>
<%= collection_select :user, :subject_id, Subject.all, :id, :name %>
<%= f.fields_for :topic do |t| %>
<%= t.label :name, "Topic" %>
<%= t.text_field :name %>
<% end %>
<div class="text-center"><%= f.submit class: "button radius" %></div>
<% end %>
這是我topics_controller.rb:
class TopicsController < ApplicationController
before_filter :require_login
before_action :find_subject
def new
@topic = @subject.topics.build
end
def create
@topic = @subject.topics.build(topic_params)
@topic.user_id = current_user.id
if @topic.save
flash[:success] = "Success!"
else
flash[:error] = "Error!"
end
end
private
def topic_params
params.require(:topic).permit(:name,:subject_id,:user_id)
end
def find_subject
@subject = Subject.find(params[:subject_id])
end
end
我在想爲什麼我收到一個Unpermitted parameters: topic錯誤的原因是因爲我在提交表單時不會傳入「user_id」或「subject_id」。如果是這種情況,我會怎樣做一個隱藏的表單字段?還是有人有任何其他的建議,我可能會出錯哪裏?
這是服務器日誌什麼是目前發生的事情:
Processing by SubjectsController#create as HTML
Processing by SubjectsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"o42ESf7kQ4R3pB6CUvcEetmqoZOmIK8V4UrVTQ5BW/M=", "user"=>{"subject_id"=>"1"}, "subject"=>{"topics_attributes"=>{"0"=>{"name"=>"something"}}}, "commit"=>"Create Subject"}
Parameters: {"utf8"=>"✓", "authenticity_token"=>"o42ESf7kQ4R3pB6CUvcEetmqoZOmIK8V4UrVTQ5BW/M=", "user"=>{"subject_id"=>"1"}, "subject"=>{"topics_attributes"=>{"0"=>{"name"=>"something"}}}, "commit"=>"Create Subject"}
User Load (1.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 2]]
User Load (1.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 2]]
(0.2ms) BEGIN
(0.2ms) BEGIN
(0.3ms) ROLLBACK
(0.3ms) ROLLBACK
謝謝你給我上的建議,現在我不再得到的是「不允許的參數」的錯誤,但現在輸入到「主題」字段中的數據實際上並未保存到數據庫中。我想我必須抓住「user_id」和「subject_id」,然後將其保存到我的數據庫中。你可以快速瀏覽一下我的topics_controller.rb,看看我可能會做錯什麼嗎? – Jamaal
請接受這個答案,因爲它解決了有關'未經許可的參數'的原始問題。在評論問題上,在提交表單時檢查服務器日誌中生成的參數哈希值,看看'user_id'和'subject_id'是否作爲'topic_attributes'的一部分傳遞。 –
最好避免直接設置id。這意味着你沒有使用rails助手,並且一旦你開始這樣做,如果你「脫離軌道」,框架的某些部分將不起作用。查看我的回答以獲得建議,並考慮接受Kirti提供的答案,並將您的問題作爲另一個SO問題發佈。 –