请为 params(strong_parameters) 使用新的推荐保护模型或将 `protected_attributes` 添加到您的 gemfile [英] Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your gemfile

问题描述

这发生在我将 attr_accessible 添加到我的关系模型时.

This happened when I added an attr_accessible to my Relationship model.

class Relationship < ActiveRecord::Base
  attr_accessible :followed_id
end

不使用 Devise 或 protected_attributes gem，有什么方法可以解决这个问题?我知道在控制器中你调用了一个需要和允许字段的私有方法.这也是你应该在模型中做的事情吗?这里的约定是什么?

Without using Devise or a protected_attributes gem, what is the way around this? I know that in controllers you call a private method requiring and permitting fields. Is this something you should do in the model too? What is the convention here?

谢谢！

推荐答案

在 Rails 4 中，您使用强参数而不是受保护的属性.(你不需要在你的 gemfile 中包含 gem，因为它已经包含了.)

In Rails 4 you use Strong Parameters instead of Protected Attributes. (You don't need to include the gem in your gemfile as it's already included.)

您从模型中取出 Rails 3 attr_accessible 代码并将相应的代码放入控制器中.有关更多文档，请参阅此处:https://github.com/rails/strong_parameters

You take the Rails 3 attr_accessible code out of your model and put corresponding code into your controller. See here for more documentation: https://github.com/rails/strong_parameters

就您而言，例如:

class RelationshipController < ActionController::Base
  def create
    @relationship = Relationship.new(relationship_params)

    if @relationship.save
        # do something
    else
        # do something
    end
  end

  private
    def relationship_params
      params.require(:relationship).permit(:followed_id)
    end
end

这是我刚刚看到的一篇很好的文章:http://blog.sensible.io/2013/08/17/strong-parameters-by-example.html

Here's a good article I just came across about this: http://blog.sensible.io/2013/08/17/strong-parameters-by-example.html

这篇关于请为 params(strong_parameters) 使用新的推荐保护模型或将 `protected_attributes` 添加到您的 gemfile的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！