个人中心
gpt4 book ai didi

ruby-on-rails - 为什么即使我允许,Rails 仍然告诉我未经允许的参数?

转载 作者:行者123 更新时间:2023-12-01 09:49:40 25 4
gpt4 key购买 nike

我有一个 Profile具有以下功能的模型:

  has_many :transcripts, dependent: :destroy
  accepts_nested_attributes_for :transcripts, allow_destroy: true

在我的 Transcript模型,我有以下内容: 
include TranscriptUploader[:attachment]

这是一个 Shrine Uploader 坐骑。

在我的 app/views/profile/_form.html.erb ,我有以下几点: 
    <div id="transcripts" class="text-center">
      <% if @profile.transcripts.any? %>
        <% @profile.transcripts.each do |transcript| %>
          <%= link_to "Click to view Transcript", transcript.url %>
        <% end %>
      <% end %>

      <%= f.simple_fields_for :transcripts do |transcript| %>
        <%= render 'transcript_fields', f: transcript %>
      <% end %>
      <br />
      <div class="links">
        <%= link_to_add_association 'Add Transcript', f, :transcripts, class: "btn btn-success add-transcript-button" %>
      </div>
    </div>

然后在我的 views/profiles/_transcript_fields.html.erb ,我有以下几点: 
<%= f.file_field :attachment, multiple: true, class: 'col-lg-4 form-control' %>

在我的 ProfilesController ,我有以下几点: 
# truncated for brevity
def profile_params
  params.require(:profile).permit(:id, :first_name, :last_name, :dob, :height, :weight, :bib_color, :attachment, :remove_transcript, :transcript_cache, transcripts_attributes: [:id, :url, :name, :attachment, :attachment_data, :remove_transcript, :url_cache, :_destroy])
end

到目前为止一切顺利,对吧?

但是当我去添加一个新的配置文件时,我的日志是这样的: 
Started POST "/profiles" for ::1 at 2016-11-17 01:47:05 -0500
Processing by ProfilesController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"JDMTXHFCIaB3TFmCOQ==", "profile"=>{"avatar"=>"", "first_name"=>"Jack", "last_name"=>"BeNimble", "dob(3i)"=>"17", "dob(2i)"=>"11", "dob(1i)"=>"1986", "transcripts_attributes"=>{"1479365203532"=>{"attachment"=>[#<ActionDispatch::Http::UploadedFile:0x007f8901918700 @tempfile=#<Tempfile:/var/folders/0f/0gn/T/RackMultipart20161117-29277-msvds1.pdf>, @original_filename="Some-Awesome-File.pdf", @content_type="application/pdf", @headers="Content-Disposition: form-data; name=\"profile[transcripts_attributes][1479365203532][attachment][]\"; filename=\"Some-Awesome-File.pdf\"\r\nContent-Type: application/pdf\r\n">], "_destroy"=>"false"}}, "commit"=>"Create Profile"}
  User Load (2.8ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 2], ["LIMIT", 1]]
  Role Load (1.3ms)  SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'admin') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))  [["user_id", 2]]
  Role Load (2.3ms)  SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'coach') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))  [["user_id", 2]]
  Role Load (2.5ms)  SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'player') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))  [["user_id", 2]]
   (3.9ms)  SELECT COUNT(*) FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1 AND (((roles.name = 'admin') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)) OR ((roles.name = 'coach') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))  [["user_id", 2]]
Unpermitted parameter: attachment
  Tournament Load (1.1ms)  SELECT "tournaments".* FROM "tournaments" WHERE "tournaments"."id" = 1
   (5.0ms)  SELECT COUNT(*) FROM "profiles" INNER JOIN "profiles_tournaments" ON "profiles"."id" = "profiles_tournaments"."profile_id" WHERE "profiles_tournaments"."tournament_id" = $1  [["tournament_id", 1]]
   (0.9ms)  BEGIN
   (1.5ms)  COMMIT
  Position Load (2.1ms)  SELECT "positions".* FROM "positions" WHERE 1=0
Unpermitted parameter: attachment
   (0.7ms)  BEGIN
  School Load (1.2ms)  SELECT  "schools".* FROM "schools" WHERE "schools"."id" = $1 LIMIT $2  [["id", 1], ["LIMIT", 1]]
  Profile Exists (3.7ms)  SELECT  1 AS one FROM "profiles" WHERE ("profiles"."id" IS NOT NULL) AND "profiles"."slug" = $1 LIMIT $2  [["slug", "jack-benimble-st-george-s-college"], ["LIMIT", 1]]
  SQL (23.3ms)  INSERT INTO "profiles" ("first_name", "last_name", "dob", "bib_color", "created_at", "updated_at", "player_type", "school_id", "grade", "slug", "home_phone", "cell_phone", "email") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) RETURNING "id"  [["first_name", "Jack"], ["last_name", "BeNimble"], ["dob", Mon, 17 Nov 1986], ["bib_color", ""], ["created_at", 2016-11-17 06:47:05 UTC], ["updated_at", 2016-11-17 06:47:05 UTC], ["player_type", 0], ["school_id", 1], ["grade", ""], ["slug", "jack-benimble-st-george-s-college"], ["home_phone", ""], ["cell_phone", ""], ["email", ""]]
  SQL (3.5ms)  INSERT INTO "transcripts" ("profile_id", "created_at", "updated_at") VALUES ($1, $2, $3) RETURNING "id"  [["profile_id", 46], ["created_at", 2016-11-17 06:47:05 UTC], ["updated_at", 2016-11-17 06:47:05 UTC]]
  Profile Load (2.8ms)  SELECT  "profiles".* FROM "profiles" WHERE "profiles"."id" = $1 LIMIT $2  [["id", 46], ["LIMIT", 1]]
  SQL (1.7ms)  INSERT INTO "profiles_tournaments" ("profile_id", "tournament_id") VALUES ($1, $2)  [["profile_id", 46], ["tournament_id", 1]]
   (2.6ms)  COMMIT
  Profile Store (150.2ms)  {"id":46}
  Profile Store (135.8ms)  {"id":46}
Unpermitted parameter: attachment
Redirected to http://localhost:3000/profiles/jack-benimble-st-george-s-college
Completed 302 Found in 499ms (Searchkick: 286.0ms | ActiveRecord: 91.8ms)

当我也为编辑操作执行此操作时,我看到了类似的内容。

请注意,在我的 profile_params 中, 我声明 :attachment在两个地方。两者都在 transcript_attributes 内散列,并在正常的属性列表中。

什么可能导致这种情况?我错过了什么?

编辑 1

更新参数: 
def profile_params
  params.require(:profile).permit(
    :id, :first_name, :last_name, :dob, :height, :weight,
    :bib_color, :parent_name, :sat_score, :video_url, :avatar,
    :remove_avatar, :avatar_cache, :player_type, :school_id, :grade, :email, 
    :cell_phone, :home_phone, tournament_ids: [], position_ids: [], 
    grades_attributes: [:id, :subject, :result, :grade_type, :_destroy], 
    achievements_attributes: [:id, :body, :achievement_type, :_destroy], 
    articles_attributes: [:id, :title, :url, :source, :_destroy], 
    videos_attributes: [:id, :url, :video, :vimeo_url, :vimeo_embed_code, :official, 
                        :video_cache, :remove_video, :_destroy], 
    transcripts_attributes: [:id, :url, :name, :attachment_data, :remove_transcript, 
                             :url_cache, :_destroy], 
    attachment: [])
end

最佳答案

对于数组值,您必须如此声明它们。对于简单字符串数组,它可以是这个。

.permit(:foo, :bar, ..., attachment: [])

如果您有一组对象,则可以将对象的属性列入白名单 
.permit(:foo, :bar, ..., attachment: [:prop1, :prop3])

顺便说一下,这一切都在文档中: Hash and Array parameters .

关于ruby-on-rails - 为什么即使我允许,Rails 仍然告诉我未经允许的参数?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40648997/

25 4 0
文章推荐: extjs - 自定义 Vtype 的替代解决方案?
文章推荐: java - 使用 QueryDsl/Hibernate 进行延迟加载不起作用
文章推荐: java - 如何仅使用应用程序打开文件
文章推荐: clojure:devcards:分离出主应用程序
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com