问题看起来很简单,让我陷入困境,到目前为止已经花费了我数周的生产时间,而且我认为这个问题不会很快消失,因为它在嵌套属性出现的任何地方都会出现。
Started POST "/users" for 127.0.0.1 at 2013-11-12 04:56:03 +0100
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"afucNMlRRQkgBeKVVwOQxvjtMtvCDPiQLilr7TXXnUg=", "user"=>{"email"=>"test7@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"test7", "last_name"=>"test7", "preferred_language"=>"en", **"master_data_contact_information"=>**{"contact_email"=>"test7@test.com", "primary_phone_number"=>"23452352345234", "secondary_phone_number"=>"324523453245", "fax_number"=>"23452345234"}, "group_token"=>""}, "commit"=>"Register"}
Completed 500 Internal Server Error in 96ms
ActiveRecord::UnknownAttributeError (unknown attribute: master_data_contact_information):
怎么可能不为人知?它就在那里。
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password,
:password_confirmation, :first_name,
:last_name, :preferred_language,
:group_token,
:master_data_contact_information =>
[:contact_email, :primary_phone_number, :secondary_phone_number, :fax_number ]
) }
end
如果我将其更改为:
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password,
:password_confirmation, :first_name,
:last_name, :preferred_language,
:group_token
) }
end
我明白了
Unpermitted parameters: master_data_contact_information
那么嵌套资源和强参数是怎么回事呢?
在 RubyMine 控制台中运行时,它运行良好。
params = ActionController::Parameters.new user: {"email"=>"test5@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]",
"first_name"=>"testqr", "last_name"=>"nsdfjkhasdfjk", "preferred_language"=>"en", "group_token"=>"",
"master_data_contact_information"=>
{"contact_email"=>"test10@test.com", "primary_phone_number"=>"786789678678",
"secondary_phone_number"=>"56675675876567", "fax_number"=>"2456246"}}
p = params.require(:user).permit(:email, :password, :password_confirmation, :first_name,
:last_name, :preferred_language, :group_token,
:master_data_contact_information => [:contact_email, :primary_phone_number, :secondary_phone_number, :fax_number ]
)
一切都是闪亮的。
我知道 Rails 核心人员想让 Rails 更安全,但这占用了我很多时间。
它在简单模型上效果很好,是的。
当事情开始变得有点复杂时,所有的地狱都失败了。