0

我正在使用注册许可,并且除了电子邮件和密码之外还有一些额外的属性,这些属性在注册表单中,包括名字、姓氏、角色和大学,条件是角色是否是员工。

我有三个用户角色:

  enum role: { staff: 0, clinician: 1, admin: 2 }

我的实现有问题,因为注册尝试会导致以下错误:

ActiveModel::ForbiddenAttributesError in Clearance::UsersController#create

这行代码突出显示为有问题的行:

 Clearance.configuration.user_model.new(user_params).tap do |user|

我究竟做错了什么?任何帮助将不胜感激。

这是我的整个 app/clearance/users_controller.rb

class Clearance::UsersController < Clearance::BaseController
  if respond_to?(:before_action)
    before_action :redirect_signed_in_users, only: [:create, :new]
    skip_before_action :require_login, only: [:create, :new], raise: false
    skip_before_action :authorize, only: [:create, :new], raise: false
  else
    before_filter :redirect_signed_in_users, only: [:create, :new]
    skip_before_filter :require_login, only: [:create, :new], raise: false
    skip_before_filter :authorize, only: [:create, :new], raise: false
  end
  layout 'authentication'

  def new
    @user = user_from_params
    render template: "users/new"
  end

  def create
    @user = user_from_params

    if @user.save
      case @user.role
      when "staff"
        validate_user(@user)
      when "clinician"
        user.update_attribute(:approved, true)
        deliver_email(@user)
      end
    else
      render template: "users/new"
    end
  end

  private

  def validate_user(user)
    if user.whitelisted?
      user.update_attribute(:approved, true)
      deliver_email(user)
    else
      redirect_to sign_in_path,
        notice: "Your request will be analyzed"
    end
  end

  def deliver_email(user)
    user.forgot_password! #Generates confirmation token only
    mail = ::ClearanceMailer.confirm_email(user)

    if mail.respond_to?(:deliver_later)
      mail.deliver_later
    else
      mail.deliver
    end
    redirect_to sign_in_path,
      notice: "Please confirm your email address."
  end

  def avoid_sign_in
    warn "[DEPRECATION] Clearance's `avoid_sign_in` before_filter is " +
      "deprecated. Use `redirect_signed_in_users` instead. " +
      "Be sure to update any instances of `skip_before_filter :avoid_sign_in`" +
      " or `skip_before_action :avoid_sign_in` as well"
    redirect_signed_in_users
  end

  def redirect_signed_in_users
    if signed_in?
      redirect_to Clearance.configuration.redirect_url
    end
  end

  def url_after_create
    Clearance.configuration.redirect_url
  end

def user_params
  params.require(:user).permit(
    :email, 
    :password, 
    :role, 
    :first_name, 
    :last_name, 
    :university_id
  )
end

    Clearance.configuration.user_model.new(user_params).tap do |user|
      user.email = email
      user.password = password
      user.role = role
      user.first_name = first_name
      user.last_name = last_name
      if role == "staff"
        user.university = University.find(university)
      end
    end
  end

  def user_params
    params[Clearance.configuration.user_parameter] || Hash.new
  end
end
4

2 回答 2

2

Clearance 可用于使用强参数的新版本 Rails 和不使用强参数的旧版本 Rails。这意味着此代码比预期的要复杂一些。显式分配电子邮件和密码的默认实现,user_from_params因此我们在使用 attr_accessible 或强参数时完全避免大量分配。但是,我们也将剩余的参数传递给用户模型Clearance.configuration.user_model.new(user_params)

而不是覆盖user_from_params,我会调查覆盖user_params,以明确允许您想要允许的字段:

def user_params
  params.require(:user).permit(
    :email, 
    :password, 
    :role, 
    :first_name, 
    :last_name, 
    :university_id
  )
end

值得指出的是,role像这样分配实际上看起来像是一个大规模分配漏洞。您允许用户选择他们的访问级别。如果这是某种可以接受的受信任系统,那么我猜您采用的方法似乎很好。如果您依赖某些前端表单字段来限制谁可以注册每个角色......不要。

这个方法应该存在于你的用户控制器中,它应该继承自Clearance::UsersController. 看来您已选择重新定义Clearance::UsersController。我建议创建自己的 UsersController,如下所示:

class UsersController < Clearance::UsersController
  layout "authentication"

  private

  def user_params
    params.require(:user).permit(
      :email, 
      :password, 
      :role, 
      :first_name, 
      :last_name, 
      :university_id
    )
  end
end

这没有您提交的控制器的用户验证逻辑。我会尝试将其移至您的User模型。如果做不到这一点,您也可以在控制器中覆盖create

您需要确保您的路线文件指向您的UsersController而不是Clearance::UsersController.

于 2017-10-02T16:07:00.177 回答
0

问题是您不断调用user_params,它返回符号:user。为了定位正确的参数,您需要更多类似的东西:

def user_from_params

  email = params[:user].delete(:email)
  password = params[:user].delete(:password)
  role = params[:user].delete(:role)
  first_name = params[:user].delete(:first_name)
  last_name = params[:user].delete(:last_name)
  university_id = params[user].delete(:university_id)

  # and you can use whatever other params you sent with params[:user] here
  Clearance.configuration.user_model.new(params[:user]).tap do |user|
    user.email = email
    user.password = password
    user.role = role
    user.first_name = first_name
    user.last_name = last_name
    if role == "staff"
      user.university = University.find(university)
    end
  end
end
于 2017-09-28T15:56:16.617 回答