1

新更新

移动参数允许从模型到控制器的责任,并使用comment_attributes 而不是@vinodadhikary 指出的评论

使用 better_errors REPL,我将问题追溯到sanitize_for_mass_assignment方法。当attributes.permitted?它返回时false。但是这样做attributes.permit(:article_id, :name, :email, :body)会完全返回我的输入参数!:

>> attributes
=> {"name"=>"Commenter", "email"=>"commenter@mail.com", "body"=>"Here is the comment >> body!! :D"}
>> attributes.permit(:article_id, :name, :email, :body)
=> {"name"=>"Commenter", "email"=>"commenter@mail.com", "body"=>"Here is the comment body!! :D"}
>> attributes.permitted?
=> false

上下文和代码

在尝试接触 Rails 4 时,我遇到了(我认为)强参数使用的问题。

我有一个可以有很多评论的文章类。创建新评论时:

@comment = @article.comments.build(params[:comment])

我收到以下错误(指向此行):

/articles/1/comments 处的 ActiveModel::ForbiddenAttributesError

型号如下:

class Article < ActiveRecord::Base
  validates_presence_of :title, :content
  validates_uniqueness_of :title

  has_many  :comments, :dependent => :destroy
  accepts_nested_attributes_for :comments
end

注释:

class Comment < ActiveRecord::Base
  belongs_to :article

 validates_presence_of :article_id, :author, :body, :content
end

文章控制器在私人部分有这个:

def article_params
  params.require(:article).permit(:title, :content, comments_attributes: [:article_id, :name, :email, :body])
end

评论控制器代码是:

def create
  @article = Article.find(params[:article_id])
  @comment = @article.comments.build(params[:comment]) # <--- It fails here

  respond_to do |format|
    if @comment.save
      format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
      format.json { render action: 'show', status: :created, location: @comment }
    else
      format.html { render action: 'new' }
      format.json { render json: @comment.errors, status: :unprocessable_entity }
    end
  end
end
4

2 回答 2

3

模型中的方法article_params和方法comment_params属于它们各自的控制器而不是模型。这个想法是在控制器而不是模型中过滤传递给模型的参数。阅读http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html,了解如何允许嵌套属性的属性。

您的模型应如下所示:

# Articles.rb
class Article < ActiveRecord::Base
  validates_presence_of :title, :content
  validates_uniqueness_of :title

  has_many  :comments, :dependent => :destroy
  accepts_nested_attributes_for :comments
end

# Comment.rb
class Comment < ActiveRecord::Base
  belongs_to :article

  validates_presence_of :article_id, :author, :body, :content
end

然后将强参数移至 Articles Controller,如下所示:

#ArticlesController.rb
def create
  @article = Article.find(params[:article_id])
  @comment = @article.comments.build(params[:comment])

  respond_to do |format|
    if @comment.save
      format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
      format.json { render action: 'show', status: :created, location: @comment }
    else
      format.html { render action: 'new' }
      format.json { render json: @comment.errors, status: :unprocessable_entity }
    end
  end
end

private 
    def article_params
        params.require(:article).permit(:title, :content, comments_attributes: [:article_id, :author, :email, :body, :content])
    end
于 2013-07-26T21:13:37.977 回答
0

允许参数方法名称应与模型/控制器相同,例如,如果模型名称为“recent_post”,则允许方法名称应为

def recent_post_params ................. 结束

于 2020-05-17T10:54:47.810 回答