我不斷收到這個錯誤,我已經做模型入店的屬性:Rails的:不能大規模指派保護的屬性:獎品,optininpartner
class Contest < ActiveRecord::Base
attr_accessible :optinpartners_attributes, :prizes_attributes, :css, :description, :enddate, :promotion, :rules, :slug, :startdate, :title
accepts_nested_attributes_for :optinpartners
accepts_nested_attributes_for :prizes
has_many :contest_entries
has_many :contestants, :through => :contest_entries
has_many :contest_prizes
has_many :prizes, :through => :contest_prizes
has_many :contest_optins
has_many :optinpartners, :through => :contest_optins
確切的錯誤是:
Can't mass-assign protected attributes: prize, optininpartner
app/controllers/contests_controller.rb:49:in `new'
app/controllers/contests_controller.rb:49:in `create'
根據我的理解:如果該屬性在模型中可訪問,這應該不成問題。但是,大規模分配也是一個安全漏洞,所以如何在不犧牲安全性的情況下解決這個問題?
編輯: 由於要求:這是Contest的_form.erb.html文件。而這個片段是獎品和加入項目
<h2> Enter information on prizes </h2>
<%= f.fields_for :prize do |builder| %>
<%= builder.label :prize, "Prize" %><br/>
<%= builder.text_field :prize%><br/>
<br/>
<%= builder.label :description, "Description" %>
<%= builder.text_field :description%>
<%end%>
<hr>
<hr>
<h2> Enter information on Opt-In Partners </h2>
<%= f.fields_for :optinpartner do |builder| %>
<%= builder.label :name, "Name of Partner" %>
<%= builder.text_field :name%>
<%end%>
<hr>
你已經做了attributes_accessible,但不是實際的對象,如果你做'attr_accessible:optinpartners'它應該按預期工作。 – Doon 2013-05-01 15:16:30
你可以發佈傳遞給'create'動作的視圖表單代碼嗎? – PinnyM 2013-05-01 15:16:41
將':prize'和':optininpartner'添加到'attr_accessible'。 – 2013-05-01 15:17:13