Rails 入门教程:5.7 显示帖子——无禁止属性错误 [英] Getting Started With Rails Tutorial: 5.7 Showing posts -- No Forbidden Attributes Error
问题描述
我一直在关注这个 Rails 教程:
I've been following this Rails tutorial:
http://guides.rubyonrails.org/getting_started.html
第 5.7 节告诉我,我应该期待 ActiveModel::ForbiddenAttributesError
Section 5.7 tells me that I should expect an ActiveModel::ForbiddenAttributesError
问题是,我没有收到错误信息.它可以在没有 permit 关键字的情况下工作.
The thing is, I don't get the error. It works without the permit keyword.
我的创建方法如下所示:
My create method looks like this:
def create
@post = Post.new(post_params)
@post.save
redirect_to @post
end
我正在使用 Rails 4.0 和 Ruby 2.0.知道为什么强参数安全功能不起作用吗?
I'm working with Rails 4.0 and Ruby 2.0. Any idea why the strong parameters security function isn't working?
推荐答案
文档实际上具有误导性,您说得对.
The documentation is actually misleading, you're right.
如果您按照第 5.6 章所示对控制器进行编码
If you coded your controller as shown in chapter 5.6
def create
@post = Post.new(post_params)
@post.save
redirect_to @post
end
private
def post_params
params.require(:post).permit(:title, :text)
end
您已经允许使用参数title
和text
.
you're already permitting the use of the parameters title
and text
.
下一章 (5.7) 假定您尚未使用 permit
方法.
The next chapter (5.7) assumes you didn't use the permit
-method already.
如果您将第 2 行更改为:
If you'd change Line 2 to:
@post = Post.new(post_params)
如截图所示,错误将被抛出.此外,第 5.7 章中的修复"并没有像您那样定义新的私有方法 post_params
,而是应用内联修复.
as seen in the screenshot, the error will be thrown. Additionally, the 'fix' in chapter 5.7 doesn't define a new private method post_params
as you did, but applies the fix inline.
@post = Post.new(params[:post].permit(:title, :text))
这篇关于Rails 入门教程:5.7 显示帖子——无禁止属性错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!