0

我不断收到此错误,并且已使模型中的属性可访问:

class Contest < ActiveRecord::Base
attr_accessible  :optinpartners_attributes, :prizes_attributes, :css, :description,      :enddate, :promotion, :rules, :slug, :startdate, :title


 accepts_nested_attributes_for :optinpartners
 accepts_nested_attributes_for :prizes


  has_many :contest_entries
  has_many :contestants, :through => :contest_entries


  has_many :contest_prizes
  has_many :prizes, :through => :contest_prizes  

  has_many :contest_optins
  has_many :optinpartners, :through => :contest_optins

确切的错误是:

Can't mass-assign protected attributes: prize, optininpartner


app/controllers/contests_controller.rb:49:in `new'
app/controllers/contests_controller.rb:49:in `create'

根据我的理解:如果模型中的属性可以访问,这应该不是问题。但是批量分配也是一个安全漏洞,那么如何在不牺牲安全性的情况下解决这个问题呢?

编辑: 根据要求:这是竞赛的 _form.erb.html 文件。并且此片段用于奖品和选择加入

<h2> Enter information on prizes </h2>

<%= f.fields_for :prize do |builder| %>

<%= builder.label :prize, "Prize" %><br/>
 <%= builder.text_field :prize%><br/>
<br/>
<%= builder.label :description, "Description" %>
<%= builder.text_field :description%>


<%end%>
<hr>

<hr>
<h2> Enter information on Opt-In Partners </h2>

<%= f.fields_for :optinpartner do |builder| %>

<%= builder.label :name, "Name of Partner" %> 
<%= builder.text_field :name%>

<%end%>
<hr>
4

1 回答 1

0

在 attr_accessible 中,不要使用复数 :optinpartners_attributes 和 :prizes_attributes,而是使用单数形式 - :optionpartner_attributes 和 :prize_attributes。

attr_accessible  :optinpartner_attributes, :prize_attributes, :css, :description,      :enddate, :promotion, :rules, :slug, :startdate, :title
于 2013-05-01T15:21:38.407 回答