嵌套属性不允许的参数
[英] Nested attributes unpermitted parameters
本文介绍了嵌套属性不允许的参数的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个 Bill 对象,它有许多 Due 对象.Due 对象也属于一个 Person.我想要一个可以在一个页面中创建 Bill 及其子项 Dues 的表单.我正在尝试使用嵌套属性创建一个表单,类似于 this Railscast 中的那些.
相关代码如下:
due.rb
class 到期 <ActiveRecord::Base归属于:人归属地:账单结尾
bill.rb
类比尔:破坏accepts_nested_attributes_for :dues, :allow_destroy =>真的结尾
bills_controller.rb
# GET/bills/new定义新@bill = Bill.new3.times { @bill.dues.build }结尾
bills/_form.html.erb
<%= form_for(@bill) do |f|%><div class="field"><%= f.label :company %><br/><%= f.text_field :company %>
<div class="field"><%= f.label :month%><br/><%= f.text_field :month %>
<div class="field"><%= f.label :year%><br/><%= f.number_field :year %>
<div class="actions"><%= f.submit %>
<%= f.fields_for :dues do |builder|%><%= 渲染 'due_fields', :f =>建设者%><%结束%><%结束%>
bills/_due_fields.html.erb
<%= f.label :amount, "Amount" %><%= f.text_field :amount %><br><%= f.label :person_id, "Renter" %><%= f.text_field :person_id %>
更新到 bills_controller.rb这有效!
def bill_params参数.require(:账单).permit(:company, :month, :year, dues_attributes: [:amount, :person_id])结尾
在页面上呈现正确的字段(尽管还没有 Person 的下拉列表)并且提交成功.但是,没有任何孩子的会费保存到数据库中,并且在服务器日志中抛出错误:
不允许的参数:dues_attributes
就在错误之前,日志显示:
在 2013-04-10 00:16:37 -0700 开始为 127.0.0.1 POST "/bills"由 BillsController#create 处理为 HTML<br>参数:{"utf8"=>"✓","authenticity_token"=>"ipxBOLOjx68fwvfmsMG3FecV/q/hPqUHsluBCPN2BeU=","bill"=>{"company"=>"Comcast", "month"=>"April",年"=>2013",dues_attributes"=>{"0"=>{"amount"=>"30", "person_id"=>"1"},"1"=>{"amount"=>"30", "person_id"=>"2"},"2"=>{"amount"=>"30", "person_id"=>"3"}}}, "commit"=>"创建账单"}
Rails 4 有什么变化吗?
解决方案
似乎在处理属性保护方面发生了变化,现在您必须将控制器中的参数列入白名单(而不是模型中的 attr_accessible),因为以前的可选 gem strong_parameters成为 Rails 核心的一部分.
这应该是这样的:
class PeopleController <动作控制器::基础定义创建Person.create(person_params)结尾私人的def person_paramsparams.require(:person).permit(:name, :age)结尾结尾
所以 params.require(:model).permit(:fields) 将被使用
和嵌套属性类似
params.require(:person).permit(:name, :age, pets_attributes: [:id, :name, :category])
可以在 Ruby edge API 文档和github 上的strong_parameters 或这里一个>
I have a Bill object, which has many Due objects. The Due object also belongs to a Person. I want a form that can create the Bill and its children Dues all in one page. I am trying to create a form using nested attributes, similar to ones in this Railscast.
Relevant code is listed below:
due.rb
class Due < ActiveRecord::Base
belongs_to :person
belongs_to :bill
end
bill.rb
class Bill < ActiveRecord::Base
has_many :dues, :dependent => :destroy
accepts_nested_attributes_for :dues, :allow_destroy => true
end
bills_controller.rb
# GET /bills/new
def new
@bill = Bill.new
3.times { @bill.dues.build }
end
bills/_form.html.erb
<%= form_for(@bill) do |f| %>
<div class="field">
<%= f.label :company %><br />
<%= f.text_field :company %>
</div>
<div class="field">
<%= f.label :month %><br />
<%= f.text_field :month %>
</div>
<div class="field">
<%= f.label :year %><br />
<%= f.number_field :year %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<%= f.fields_for :dues do |builder| %>
<%= render 'due_fields', :f => builder %>
<% end %>
<% end %>
bills/_due_fields.html.erb
<div>
<%= f.label :amount, "Amount" %>
<%= f.text_field :amount %>
<br>
<%= f.label :person_id, "Renter" %>
<%= f.text_field :person_id %>
</div>
UPDATE to bills_controller.rb
This works!
def bill_params
params
.require(:bill)
.permit(:company, :month, :year, dues_attributes: [:amount, :person_id])
end
The proper fields are rendered on the page (albeit without a dropdown for Person yet) and submit is successful. However, none of the children dues are saved to the database, and an error is thrown in the server log:
Unpermitted parameters: dues_attributes
Just before the error, the log displays this:
Started POST "/bills" for 127.0.0.1 at 2013-04-10 00:16:37 -0700
Processing by BillsController#create as HTML<br>
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"ipxBOLOjx68fwvfmsMG3FecV/q/hPqUHsluBCPN2BeU=",
"bill"=>{"company"=>"Comcast", "month"=>"April ",
"year"=>"2013", "dues_attributes"=>{
"0"=>{"amount"=>"30", "person_id"=>"1"},
"1"=>{"amount"=>"30", "person_id"=>"2"},
"2"=>{"amount"=>"30", "person_id"=>"3"}}}, "commit"=>"Create Bill"}
Has there been some change in Rails 4?
解决方案
Seems there is a change in handling of attribute protection and now you must whitelist params in the controller (instead of attr_accessible in the model) because the former optional gem strong_parameters became part of the Rails Core.
This should look something like this:
class PeopleController < ActionController::Base
def create
Person.create(person_params)
end
private
def person_params
params.require(:person).permit(:name, :age)
end
end
So params.require(:model).permit(:fields) would be used
and for nested attributes something like
params.require(:person).permit(:name, :age, pets_attributes: [:id, :name, :category])
Some more details can be found in the Ruby edge API docs and strong_parameters on github or here
这篇关于嵌套属性不允许的参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
