Rails 入门教程:5.7 显示帖子——无禁止属​​性错误 [英] Getting Started With Rails Tutorial: 5.7 Showing posts -- No Forbidden Attributes Error

问题描述

我一直在关注这个 Rails 教程:

I've been following this Rails tutorial:

http://guides.rubyonrails.org/getting_started.html

第 5.7 节告诉我，我应该期待 ActiveModel::ForbiddenAttributesError

Section 5.7 tells me that I should expect an ActiveModel::ForbiddenAttributesError

问题是，我没有收到错误信息.它可以在没有 permit 关键字的情况下工作.

The thing is, I don't get the error. It works without the permit keyword.

我的创建方法如下所示:

My create method looks like this:

  def create
    @post = Post.new(post_params)
    @post.save
    redirect_to @post
  end

我正在使用 Rails 4.0 和 Ruby 2.0.知道为什么强参数安全功能不起作用吗?

I'm working with Rails 4.0 and Ruby 2.0. Any idea why the strong parameters security function isn't working?

推荐答案

文档实际上具有误导性，您说得对.

The documentation is actually misleading, you're right.

如果您按照第 5.6 章所示对控制器进行编码

If you coded your controller as shown in chapter 5.6

def create
  @post = Post.new(post_params)

  @post.save
  redirect_to @post
end

private
  def post_params
    params.require(:post).permit(:title, :text)
 end

您已经允许使用参数title 和text.

you're already permitting the use of the parameters title and text.

下一章 (5.7) 假定您尚未使用 permit 方法.

The next chapter (5.7) assumes you didn't use the permit-method already.

如果您将第 2 行更改为:

If you'd change Line 2 to:

 @post = Post.new(post_params)

如截图所示，错误将被抛出.此外，第 5.7 章中的修复"并没有像您那样定义新的私有方法 post_params，而是应用内联修复.

as seen in the screenshot, the error will be thrown. Additionally, the 'fix' in chapter 5.7 doesn't define a new private method post_params as you did, but applies the fix inline.

@post = Post.new(params[:post].permit(:title, :text))

这篇关于Rails 入门教程:5.7 显示帖子——无禁止属​​性错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！