ruby-on-rails - 不允许的参数 : :utf8, :authenticity_token - Rails 5. 2 form_with

Question

我用这个把我的头发扯掉了。我在带有嵌套资源的 form_with 上得到了一个未经许可的参数。我正在使用 Rails 5.2.1 和 Ruby 2.5。

我不确定我到底哪里出了问题。我尝试了 site_params 的各种变体，但没有成功。任何帮助将不胜感激。

这是我的 routes.rb:

resources :locations do
    post 'sites', to: 'sites#custom_create', as: :site_custom
    resources :sites, except: [:edit, :update, :show]
  end

以及相关的 Controller 函数:

  def new 
    verify_site_name or return
    @site =  @location.sites.new
    authorize @site
    @available_site = AvailableSite.find_by(site_name: params[:site_name])
    @finder_results = get_finder_results([:site_name], @location)
  end

  def create
    verify_site_name or return
    @site = @location.sites.new(site_params)
    authorize @site
    respond_to do |format|
      if @site.save
        format.html { redirect_to location_sites_path, notice: 'Location was successfully created.' }
        format.json { render :show, status: :created, site: @site }
      else
        format.html { redirect_to location_sites_path, alert: "#{@site.errors.full_messages.first}" }
        format.json { render json: @site.errors, status: :unprocessable_entity }
      end
    end
  end


# Never trust parameters from the scary internet, only allow the white list through.
    def site_params
      params.permit(:location_id, :place_id, :site_name, :review_url)
    end
    # Use callbacks to share common setup or constraints between actions.
    def set_site
      @site = Site.find(params[:id])
    end
    def set_location
      @location = Location.friendly.find(params[:location_id])
    end

当然还有表单本身:

<%= form_with(model: [@location, @site], local: true, class: 'site-form') do |form| %>
      <%= hidden_field_tag(:site_name, @available_site.site_name) %>
      <div class="field md:w-3/4 lg:w-2/3 mx-auto text-left">
        <%= form.text_field :review_url, class: 'text-input',  placeholder: 'https://www.facebook.com/yourbusinessname/review/?ref=page_internal'  %>
        <span class="form-required">*required</span>
      </div>
      <%= form.submit "Manually Submit #{@available_site.site_name.titleize}", class: 'btn btn-green btn-outline' %>
    <% end %>

最后，日志:

Started POST "/locations/tekamar-mortgages-ltd/sites" for 127.0.0.1 at 2018-12-03 15:30:57 +0000
Processing by SitesController#custom_create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"l/DjkUbVNyw+nrXxo1B/9IGru043Ftroxy8FcuNcZuxmJ7V3j0gC8njm5kpGPT8c7tMWSaAR/ler3cSHY+t8aA==", "site"=>{"site_name"=>"google", "review_url"=>"https://www.yelp.ca/biz/your-busines-sname?utm_campaign=www_business_share_popup&utm_medium=copy_link&utm_source=(direct)"}, "commit"=>"Create Site", "location_id"=>"tekamar-mortgages-ltd"}
  Location Load (0.8ms)  SELECT  "locations".* FROM "locations" WHERE "locations"."slug" = $1 LIMIT $2  [["slug", "tekamar-mortgages-ltd"], ["LIMIT", 1]]
  ↳ app/controllers/sites_controller.rb:78
  User Load (1.9ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 1], ["LIMIT", 1]]
  ↳ /Users/richsmith/.rvm/gems/ruby-2.5.1/gems/activerecord-5.2.1/lib/active_record/log_subscriber.rb:98
Unpermitted parameters: :utf8, :authenticity_token, :site, :commit
Redirected to http://localhost:3000/locations/tekamar-mortgages-ltd/sites
Completed 302 Found in 13ms (ActiveRecord: 2.6ms)

Answer 1

尝试:

def site_params
  params.require(:site).permit(:location_id, :place_id, :site_name, :review_url)
end

site 的参数嵌套在 params[:site] 中。您应该首先从所有参数中取出此散列，然后对其调用 permit。现在您正在清理所有参数(包括一些您显然不感兴趣的东西，如 utf8 或 authenticity_token)。