使用Devise创建has_many嵌套模型不能大量分配受保护的属性 [英] Can't mass-assign protected attributes for creating a has_many nested model with Devise

问题描述

我看过RailsCast，另一个嵌套的属性视频，很多SO的帖子，并与此进行了一段时间的争吵，但是我仍然无法想像出来。我希望这是一个很小的东西。

我有两个模型，用户（由Devise创建）和 Locker （aka，产品愿望清单），我正在为用户创建一个 Locker 注册时。我的登录表单有一个字段用于新的 Locker （正确地称为：name ），我正在尝试分配给在新用户注册时创建的储物柜。所有我遇到过的是：

警告：无法大量分配受保护的属性：locker / p>

我已尝试过 acceptable_nested_attributes 和 attr_accesible 在我的两个模型中，仍然没有任何作用。我可以从日志中看到它正在被Devise＃创建方法处理，而且我知道Devise不够聪明，无法创建我想要的模型：）

以下是我的两个模型的相关位：

 ＃user.rb 
 class User< ActiveRecord :: Base 
 attr_accessible：username，：email，：password，：password_confirmation，：remember_me，：locker_attributes 
 
＃关联
 has_many：lockers 
 has_many：lockups ，：through => ：储物柜
 
＃模型嵌套访问
 acceptance_nested_attributes_for：lockers 
 end 
  

和

 ＃locker.rb 
 class Locker< ActiveRecord :: Base 
 belongs_to：user 
 has_many：lockups 
 has_many：products，，through => ：lockups 
 
 attr_accessible：name，，description 
 end 
 
＃lockers_controller.rb（create）
 @locker = current_user.lockers.build（params [：locker]）
 @ locker.save 
  

我假设我需要覆盖Devise的创建方法，以某种方式让这个工作，但我是一个很新的轨道，并习惯了黑匣子魔法的性质。

如果有人能帮助我，我会非常感激。已经花费了太多的时间，因为它是：）

编辑：我意识到我在我的问题上省略了一些东西。我的储物柜模型有三个属性 - 名称，描述（不是强制性的）和 user_id 将其链接回用户。我的注册表单只需要名称，所以我没有循环遍历嵌套表单中的所有属性。这可能与我的问题有关吗？

编辑2：我还想出了如何覆盖Devise的注册控制器＃创建方法，我只是不知道该放在哪里。 Devise的整个资源事情对我来说没有意义，浏览他们的 RegistrationsController 的源代码没有帮助

和奖励积分：当用户提交无效数据的登录表单时，储物柜字段总是回到空白，而常规的设计字段，用户名&电子邮件，填写，这也可以很容易地修复？如果是这样，那么怎么样？

解决方案

有人帮助我用更多的Rails 4'y c $ c>强属性&如何覆盖Devise的 sign_up_params （捕获从我的注册表单获取的所有数据）。

 code> def sign_up_params 
 params.require（：user）.permit（：username，：email，：password，：lockers_attributes）
 end 
  / pre> 
 
 
 Gemfile added： gem'strong_parameters' 
 
 
 
在我的 user.rb 文件中注释出 attr_accessible 语句，因为显然很强的参数不需要code> attr_accessible 声明。
 ＃attr_accessible：用户名，电子邮件，密码， password_confirmation，：lockers 
  
在提交表单之前/ /正确构建储物柜的方式：在嵌套形式的开始：
 
 
 
 <％= l.input：name，：required => true，label：储物柜名称，：placeholder => 命名您的第一个储物柜％>  
 
 
 
再次感谢您的帮助。我知道一个这样的问题很难在没有看到整个代码库的情况下回答。
 
I've watched the RailsCast, another nested attributes video, lots of SO posts, and fought with this for a while, but I still can't figure it out. I hope it's something tiny.

I have two models, User (created by Devise), and Locker (aka, a product wishlist), and I'm trying to create a Locker for a User when they sign up. My login form has a field for the name of their new Locker (aptly called :name) that I'm trying to assign to the locker that gets created upon new user registration. All I'm ever greeted with is: 

WARNING: Can't mass-assign protected attributes: locker

I've tried every combination of accepts_nested_attributes and attr_accesible in both of my models, yet still nothing works. I can see from the logs that it's being processed by the Devise#create method, and I know Devise isn't smart enough to create my models how I want :)

Here's the relevant bits of my two models:
# user.rb    
class User < ActiveRecord::Base
  attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :locker_attributes

  # Associations
  has_many :lockers
  has_many :lockups, :through => :lockers

  # Model nesting access
  accepts_nested_attributes_for :lockers
end
and
# locker.rb
class Locker < ActiveRecord::Base
  belongs_to :user
  has_many :lockups
  has_many :products, :through => :lockups 

  attr_accessible :name, :description
end

# lockers_controller.rb (create)
    @locker = current_user.lockers.build(params[:locker])
    @locker.save
I'm assuming I need to override Devise's create method to somehow get this to work, but I'm quite new to rails and am getting used to the black box "magic" nature of it all. 

If anyone can help me out, I'd be incredibly thankful. Already spent too much time on this as it is :)

EDIT: I realized I omitted something in my problem. My Locker model has three attributes - name, description (not mandatory), and user_id to link it back to the User. My signup form only requires the name, so I'm not looping through all the attributes in my nested form. Could that have something to do with my issue too?

EDIT 2: I also figured out how to override Devise's RegistrationsController#create method, I just don't know what to put there. Devise's whole resource thing doesn't make sense to me, and browsing their source code for the RegistrationsController didn't help me much either.

And for bonus points: When a user submits the login form with invalid data, the Locker field always comes back blank, while the regular Devise fields, username & email, are filled in. Could this also be fixed easily? If so, how?
解决方案
Someone helped me figure out the solution in a more "Rails 4'y" way with strong attributes & how to override Devise's sign_up_params (to catch all the data coming from my signup form).
  def sign_up_params
    params.require(:user).permit(:username, :email, :password, :lockers_attributes)
 end
Gemfile addition: gem 'strong_parameters'

Commenting out the attr_accessible statement in my user.rb file, since apparently strong parameters eliminate the need for attr_accessible declarations.
 # attr_accessible :username, :email, :password, :password_confirmation, :lockers
And the/a correct way of building a Locker before submitting the form: at the beginning of the nested form:

<%= l.input :name, :required => true, label: "Locker name", :placeholder => "Name your first locker" %>

Thanks again for all your help. I know a question like this is difficult to answer without seeing the whole codebase.

                        
这篇关于使用Devise创建has_many嵌套模型不能大量分配受保护的属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！