0

升级到 rails 3.2.8 后,我在 rails 3.2.6 中通过质量分配的私有方法不再通过,我不断收到质量分配错误。

我的控制器是

class AddressesController < BaseController
  # GET /addresses
  # GET /addresses.json
  def index
    @address = Address.new

    form_info
    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @addresses }
    end
  end

  # GET /addresses/1
  # GET /addresses/1.json
  def show
    @address = Address.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @address }
    end
  end

  # GET /addresses/new
  # GET /addresses/new.json
  def new
    @address = Address.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @address }
    end
  end

  # GET /addresses/1/edit
  def edit
    @address = Address.find(params[:id])
  end

  # POST /addresses
  # POST /addresses.json
  def create
    if params[:address].present?
      @address = current_user.addresses.new(params[:address])
      @address.default = true          if current_user.default_shipping_address.nil?
      @address.save_default_address(current_user, params[:address])
    elsif params[:address_id].present?
      @address = current_user.addresses.find(params[:address_id])
    end
    respond_to do |format|

      if @address.id
        update_order_address_id(@address.id)
        format.html { redirect_to(orders_url, :notice => 'Address was successfully created.') }
      else
        form_info
        format.html { render :action => "index" }
      end
    end
  end

  # PUT /addresses/1
  # PUT /addresses/1.json
  def update
    @address = Address.find(params[:id])

    respond_to do |format|
      if @address.update_attributes(params[:address])
        format.html { redirect_to @address, notice: 'Address was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @address.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /addresses/1
  # DELETE /addresses/1.json
  def destroy
    @address = Address.find(params[:id])
    @address.destroy

    respond_to do |format|
      format.html { redirect_to addresses_url }
      format.json { head :no_content }
    end
  end

  private

  def update_order_address_id(id)
    session_order.update_attributes(
        :address_id => id
    )
  end

  def form_info
    @addresses = current_user.addresses
  end



end

创建地址后,我希望它执行update_order_address_id(id)方法,但它一直告诉我

Can't mass-assign protected attributes: address_id

这一切都是在升级到 rails 3.2.8 之后开始的。有没有人知道我该如何解决这个问题或对此有任何建议。

4

1 回答 1

0

尝试将此行添加到模型中

attr_accessible :address_id

https://stackoverflow.com/a/4538861/643500

编辑:

不确定你是否读过这个

class AccountsController < ApplicationController
  include ActiveModel::MassAssignmentSecurity

  attr_accessible :first_name, :last_name
  attr_accessible :first_name, :last_name, :plan_id, :as => :admin

  def update
    ...
    @account.update_attributes(account_params)
    ...
  end

  protected

  def account_params
    role = admin ? :admin : :default
    sanitize_for_mass_assignment(params[:account], role)
  end

end

http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html

于 2012-10-03T15:50:48.410 回答