我有一个Message模型,archived在我的 Rails 4 应用程序中有一个参数。在显示视图中,我有一个button_to将archived参数设置为true. 在我向模型中添加 Devise 和 Mailer 之前,此功能之前有效Message。现在,当我单击“存档”按钮时,我收到“ActionController::InvalidAuthenticityToken”错误。我发现唯一可以避免此错误的方法是添加skip_before_filter :verify_authenticity_token, :only => [:archive]到我的Messages Controller. 但是,当我这样做时,它不会保存参数。
有没有办法通过 button_to 链接传递真实性令牌?或者有没有更好的方法来实现这一点而不会损害它的安全性?
消息.rb
class Message < ActiveRecord::Base
validates_presence_of :name, :email, :message
has_one :response
scope :unread, -> { where(viewed: nil)}
scope :viewed, -> { where(viewed: true)}
scope :inbox, -> { where(archived: nil)}
scope :archived, -> { where(archived: true)}
end
消息控制器.rb
class MessagesController < ApplicationController
include MessagesHelper
before_action :authenticate_admin!, :except => [:new]
def index
@viewed = Message.viewed
@unread = Message.unread
end
def new
@message = Message.new
end
def create
@message = Message.new(message_params)
if @message.save(message_params)
Messagemailer.message_created(@message).deliver_now
redirect_to root_path
flash.notice = "Message succesfully sent."
else
render "new"
flash.alert = "There was a problem sending your message: "
flash.alert += @message.errors.full_messages.join(", ")
end
end
def edit
@message = Message.find(params[:id])
end
def update
@message = Message.find(params[:id])
if @message.update(message_params)
redirect_to message_path(@message)
flash.notice = "Message succesfully sent."
else
render "edit"
flash.alert = "There was a problem updating the message: "
flash.alert += @message.errors.full_messages.join(", ")
end
end
def view
@message = Message.find(params[:id])
@message.viewed = true
if @message.save
redirect_to message_path(@message)
else
flash.alert = "There was a problem viewing the message"
end
end
def unview
@message = Message.find(params[:id])
@message.viewed = nil
if @message.save
redirect_to messages_path
else
flash.alert = "There was a problem un-viewing the message"
end
end
def show
@message = Message.find(params[:id])
end
def archive
@message = Message.find(params[:id])
if @message.save(:archived => true)
redirect_to messages_path
else
flash.alert = "There was a problem archiving the message"
render :show
end
end
end
MessagesHelper.rb
module MessagesHelper
def message_params
params.require(:message).permit(:name, :email, :subject, :message, :viewed, :responded, :archived)
end
end
消息显示按钮
<%= button_to 'Archive', message_archive_path(@message), :class => 'button' %></div>
任何帮助表示赞赏!谢谢!
编辑:
这显然在我所有的形式中都是正确的。这是设计问题吗?