1. 首頁
  2. 問答
  3. 設計和StrongParams - 對於零未定義的方法許可:NilClass

設計和StrongParams - 對於零未定義的方法許可:NilClass

2014-01-29 30 views
0

我當前使用的Rails 4和I從attr_accessible到StrongParams移動的應用程序。所以,我已經定製設計的控制器:設計和StrongParams - 對於零未定義的方法許可:NilClass

class UsersController < Devise::RegistrationsController 
    load_and_authorize_resource 

    #... 

    def update 
    unless @user.userable? 
     if params[:selected_person_type] == I18n::t('activerecord.attributes.user.individual') 
     redirect_to new_individual_path and return 
     elsif params[:selected_person_type] == I18n::t('activerecord.attributes.user.legal_entity') 
     redirect_to new_legal_entity_path and return 
     end 
    end 

    @avatar = params[:avatar_id].present? ? Avatar.find_by(id: params[:avatar_id]) : @user.avatar 

    if params[:user][:password].blank? 
     if @user.update_without_password(user_params) 
     notice = if @user.unconfirmed_email.present? && Date.today == @user.confirmation_sent_at.to_date 
      t('devise.confirmations.send_instructions') 
     else 
      t('views.messages.notices.personal_data_updated') 
     end 
     redirect_to edit_user_path(@user), notice: notice and return 
     end 
    else 
     if @user.valid_password?(params[:user][:current_password]) 
     params[:user].delete("current_password") 
     if @user.update_attributes(user_params) && @user.save 
      sign_in(@user, bypass: true) 
      redirect_to edit_user_path(@user), notice: t('views.messages.notices.personal_data_updated') and return 
     end 
     else 
     @user.errors.add(:current_password, :invalid) 
     end 
    end 

    render action: "edit" 
    end 

    def create 
    if resource.save 
     SystemMailer.send_mail(to: resource.email, body: resource.temp_password, subject: I18n.t('mailers.password.new')).deliver if resource.generate_password == '1' 

     if request.xhr? 
     expire_data_after_sign_in! 
     respond_to do |format| 
      format.js 
     end 
     else 
     super 
     end 
    else 
     if request.xhr? 
     clean_up_passwords(resource) 
     respond_to do |format| 
      format.js 
     end 
     else 
     super 
     end 
    end 
    end 

    private 

    def user_params 
    if current_user.present? 
     params.require(:user).permit(:fullname, :about, :username, :email, :current_password, :password, :password_confirmation) 
    end 
    end 
end

我之前得到了錯誤:

Failure/Error: post :create, user: attributes_for(:unconfirmed_user) 
    ActiveModel::ForbiddenAttributesError: 
     ActiveModel::ForbiddenAttributesError

這是因爲康康舞不StrongParams那麼兼容,所以我在ApplicationController中嘗試此修復程序:

class ApplicationController < ActionController::Base 
    include SimpleCaptcha::ControllerHelpers 
    include CaptchaHelper 

    # Prevent CSRF attacks by raising an exception. 
    # For APIs, you may want to use :null_session instead. 
    protect_from_forgery with: :exception 

    before_filter :cancan_workaround 

    rescue_from CanCan::AccessDenied do |e| 
    redirect_to '/', flash: { error: I18n.t('views.messages.notices.access_denied') } 
    end 

    private 

    def cancan_workaround 
    resource = controller_name.singularize.to_sym 
    method = "#{resource}_params" 
    params[resource] &&= send(method) if respond_to?(method, true) 
    end 
end

該修復程序後,我得到這個錯誤:

UsersController should successfully create user 
    Failure/Error: post :create, user: attributes_for(:unconfirmed_user) 
    NoMethodError: 
     undefined method `permit' for nil:NilClass 
    # ./app/controllers/users_controller.rb:75:in 'create' 
    # ./spec/controllers/users_controller_spec.rb:10:in `block (3 levels) in <top (required)>' 
    # ./spec/controllers/users_controller_spec.rb:9:in `block (2 levels) in <top (required)>'

這裏是./app/controllers/users_controller.rb:75:in 'create'是在動作super電話。任何想法如何解決這個問題?

來源

2014-01-29 ExiRe

回答

0

好吧,我明白了。問題不在設計,這是我的權限:

private 

    def user_params 
    if current_user.present? 
     params.require(:user).permit(:fullname, :about, :username, :email, :current_password, :password, :password_confirmation) 
    end 
    end

測試對非簽約用戶的評價,所以當康康舞的鉤子試圖執行此方法:

params[resource] &&= send(method) if respond_to?(method, true)

它接受了零,因爲用戶,沒有登錄的,所以鉤轉化:user => { ... }:user => nil。所以,我經不起current_user.present?固定它。

private 

    def user_params 
    params.require(:user).permit(:fullname, :about, :username, :email, :current_password, :password, :password_confirmation) 
    end

不確定此解決方案的安全性如何。

來源

2014-01-29 14:04:15 ExiRe

0

設計

設計並不像其他的Rails輸入系統的工作 - 它使用自己的後端功能來處理PARAMS。看來設計允許自動email & password參數,可以和你的工作添加其他PARAMS其parameter_sanitizer

Devise and Strong Parameters

底線是,根據Devise documentation,你將不得不使用這樣的事情:

#app/controllers/application_controller.rb 
class ApplicationController < ActionController::Base 
    before_filter :configure_permitted_parameters, if: :devise_controller? 

    protected 

    def configure_permitted_parameters 
    devise_parameter_sanitizer.for(:sign_up) << :username 
    end 
end

來源

2014-01-29 09:22:59

相關問題

 相關問題