移动的参数允许从模型到控制者负责,并使用comment_attributes代替@vinodadhikary指向我的评论
[使用Better_errors REPL,我将问题追溯到sanitize_for_mass_assignment方法。执行attributes.permitted?时返回false。但是,执行attributes.permit(:article_id, :name, :email, :body)可以准确返回我的输入参数!:
>> attributes
=> {"name"=>"Commenter", "email"=>"[email protected]", "body"=>"Here is the comment >> body!! :D"}
>> attributes.permit(:article_id, :name, :email, :body)
=> {"name"=>"Commenter", "email"=>"[email protected]", "body"=>"Here is the comment body!! :D"}
>> attributes.permitted?
=> false
[尝试与Rails 4联系,我遇到了(我认为)使用强参数的问题。
我有一个Article类,其中可以包含许多注释。创建新评论时,请执行以下操作:
@comment = @article.comments.build(params[:comment])
我收到以下错误(指向此行):
/ articles / 1 / comments中的[ActiveModel :: ForbiddenAttributesError
模型如下:
class Article < ActiveRecord::Base
validates_presence_of :title, :content
validates_uniqueness_of :title
has_many :comments, :dependent => :destroy
accepts_nested_attributes_for :comments
end
评论:
class Comment < ActiveRecord::Base
belongs_to :article
validates_presence_of :article_id, :author, :body, :content
end
Article controller在私有部分中有此:
def article_params
params.require(:article).permit(:title, :content, comments_attributes: [:article_id, :name, :email, :body])
end
Comments控制器代码为:
def create
@article = Article.find(params[:article_id])
@comment = @article.comments.build(params[:comment]) # <--- It fails here
respond_to do |format|
if @comment.save
format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
format.json { render action: 'show', status: :created, location: @comment }
else
format.html { render action: 'new' }
format.json { render json: @comment.errors, status: :unprocessable_entity }
end
end
end
模型中的方法article_params和comment_params属于各自的控制器,而不属于模型。这个想法是在控制器而不是模型中过滤传递给模型的参数。阅读http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html,了解如何允许嵌套属性使用属性。
您的模型应如下:
# Articles.rb
class Article < ActiveRecord::Base
validates_presence_of :title, :content
validates_uniqueness_of :title
has_many :comments, :dependent => :destroy
accepts_nested_attributes_for :comments
end
# Comment.rb
class Comment < ActiveRecord::Base
belongs_to :article
validates_presence_of :article_id, :author, :body, :content
end
然后将强大的参数如下移动到Articles Controller:
#ArticlesController.rb
def create
@article = Article.find(params[:article_id])
@comment = @article.comments.build(params[:comment])
respond_to do |format|
if @comment.save
format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
format.json { render action: 'show', status: :created, location: @comment }
else
format.html { render action: 'new' }
format.json { render json: @comment.errors, status: :unprocessable_entity }
end
end
end
private
def article_params
params.require(:article).permit(:title, :content, comments_attributes: [:article_id, :author, :email, :body, :content])
end
permit params方法名称应与模型/控制器相同例如,如果模型名称为“ recent_post”,则许可方法名称应为
def last_post_params..............结束