4

我正在关注 Lynda.com 的教程 Ruby on Rail 3 Essential Training。我很难创建一个活动记录条目。这是我在控制台中遇到的错误。

1.9.3p125 :007 > user = User.new(:first_name => "Mike", :last_name => "Jones")
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: first_name, last_name
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activemodel-3.2.3/lib/active_model/mass_assignment_security.rb:230:in `sanitize_for_mass_assignment'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activerecord-3.2.3/lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/activerecord-3.2.3/lib/active_record/base.rb:498:in `initialize'
    from (irb):7:in `new'
    from (irb):7
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/railties-3.2.3/lib/rails/commands/console.rb:47:in `start'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/railties-3.2.3/lib/rails/commands/console.rb:8:in `start'
    from /home/mark/.rvm/gems/ruby-1.9.3-p125/gems/railties-3.2.3/lib/rails/commands.rb:41:in `<top (required)>'
    from script/rails:6:in `require'
    from script/rails:6:in `<main>`

这就是我的模型中的内容:

class User < ActiveRecord::Base
  attr_accessible :first_name, :last_name
end

我究竟做错了什么。我有导轨 3.2.3

4

6 回答 6

10

据我所知,lynda 课程是在 rails3 和 rails 3.2.3 上开发的,默认情况下没有质量分配。你必须去你的模型并添加 attr_accessible :name, :position, :visible。基本上,您必须添加要批量分配的每个属性。

于 2012-04-22T20:37:00.763 回答
4

尝试重新启动控制台。如果您在控制台启动后为用户创建了模型,您应该重新启动它。

于 2012-04-17T00:13:37.673 回答
2

我也遵循 Lynda.com 的教程 Ruby on Rail 3 Essential Training,如果有人遇到同样的问题,这对我有用,

关闭安全设置。打开 config/application.rb 并将 config.active_record.whitelist_attributes 更改为 false 而不是 true。这会降低您的应用程序的安全性,但可以让您快速推进本教程。这是来自:http ://www.lynda.com/Ruby-on-Rails-3-tutorials/essential-training/55960-2/faqs

于 2013-02-12T16:57:23.087 回答
2

我刚刚将 attr_accessible :first_name, :last_name, :username 行添加到模型文件中。这对我有用。

于 2012-07-09T01:51:34.850 回答
2

在没有任何预防措施的情况下,大规模赋值允许攻击者设置任何数据库列的值,因此默认情况下它已被禁用。

def signup
  params[:user] # => {:name => “ow3ned”, :admin => true}
  @user = User.new(params[:user])
end

详细描述在Ruby On Rails 安全指南中。

于 2012-05-18T15:24:56.480 回答
0

确保放入attr_accessible :first_name, :last_name用户模型而不是控制器。

于 2012-09-26T23:01:20.507 回答