我收到以下错误:
无法批量分配受保护的属性:管理员、学生
当我使用以下seed.rb文件运行rake db:seed命令时:
roles = [
Admin: 'Unlimited Access',
Student: 'Default user role for each user created by sign-in interface.'
]
roles.each do |role, description|
SecurityUsersRole.find_or_create_by_role_and_description(role,description)
end
我的模型看起来像:
class SecurityUsersRole < ActiveRecord::Base
# Accessible columns
attr_accessible :description,
:role
# Relationships
...
# Validations
validates :description, presence: true, length: { in: 4..32 }, uniqueness: true
validates :role, length: { maximum: 256 }, presence: true
end
我已经阅读了很多关于此的内容,似乎对于最新的 Rails 版本,如果关闭Mass Assignment以防止黑客像这样攻击:
def signup
params[:user] # => {:name => “ow3ned”, :admin => true}
@user = User.new(params[:user])
end
有很多关于这个的问题,答案总是将 attr_accessible 设置为字段,但我已经这样做了。
编辑:
如果我使用以下语法({}而不是[]),则添加第一对:
roles = {
Admin: 'Unlimited Access',
Student: 'Default user role for each user created by sign-in interface.'
}
如果我这样做,什么都不会改变:
SecurityUsersRole.find_or_create_by_role_and_description('Admin','Unlimited Access')
SecurityUsersRole.find_or_create_by_role_and_description('Student','Default user role for each user created by sign-in interface.')
经过一番阅读,find_or_create_by 助手似乎 在 Rails 4.0中被贬低了。我正在使用 Rails 3.2,但也决定尝试其他技术:
roles = {
Admin: 'Unlimited Access',
Student: 'Default user role for each user created by sign-in interface.',
Test:'wtf'
}
roles.each do |role, description|
SecurityUsersRole.where(role:role,description:description).first_or_create
#puts role
#puts description
end
上面的语句仍然只创建第一条记录。我决定在 rails 控制台中执行该语句,这是我得到的输出:
SecurityUsersRole Load (5.0ms) SELECT security_users_roles.* FROM security_users_roles WHERE security_users_roles.role = 'Admin' AND security_users_roles.description = 'Unlimited Access' FETCH FIRST ROW ONLY
SecurityUsersRole Load (3.0ms) SELECT security_users_roles.* FROM security_users_roles WHERE security_users_roles.role = 'Student' AND security_users_roles.description = 'Default user role for each user created by sign-in interface.' FETCH FIRST ROW ONLY
SecurityUsersRole Exists (1.0ms) SELECT 1 AS one FROM security_users_roles WHERE security_users_roles.description = 'Default user role for each user created by sign-in interface.' FETCH FIRST ROW ONLY
SecurityUsersRole Load (1.0ms) SELECT security_users_roles.* FROM security_users_roles WHERE security_users_roles.role = 'Test' AND security_users_roles.description = 'wtf' FETCH FIRST ROW ONLY
SecurityUsersRole Exists (1.0ms) SELECT 1 AS one FROM security_users_roles WHERE security_users_roles.description = 'wtf' FETCH FIRST ROW ONLY
=> {:Admin=>"Unlimited Access", :Student=>"Default user role for each user created by sign-in interface.", :Test=>"wtf"}
我无法理解到底发生了什么,但从控制台选择所有用户只返回第一个。那么,如果搜索其他角色,为什么不创建它们,因为它们不存在?
谁能建议我可以尝试什么?