【问题标题】:Private methods not passing MassAssignmentSecurity in rails 3.2.8在 Rails 3.2.8 中未通过 MassAssignmentSecurity 的私有方法
【发布时间】:2012-10-03 15:45:29
【问题描述】:

升级到 rails 3.2.8 后,我在 rails 3.2.6 中通过质量分配的私有方法不再通过,我不断收到质量分配错误。

我的控制器是

class AddressesController < BaseController
  # GET /addresses
  # GET /addresses.json
  def index
    @address = Address.new

    form_info
    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @addresses }
    end
  end

  # GET /addresses/1
  # GET /addresses/1.json
  def show
    @address = Address.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @address }
    end
  end

  # GET /addresses/new
  # GET /addresses/new.json
  def new
    @address = Address.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @address }
    end
  end

  # GET /addresses/1/edit
  def edit
    @address = Address.find(params[:id])
  end

  # POST /addresses
  # POST /addresses.json
  def create
    if params[:address].present?
      @address = current_user.addresses.new(params[:address])
      @address.default = true          if current_user.default_shipping_address.nil?
      @address.save_default_address(current_user, params[:address])
    elsif params[:address_id].present?
      @address = current_user.addresses.find(params[:address_id])
    end
    respond_to do |format|

      if @address.id
        update_order_address_id(@address.id)
        format.html { redirect_to(orders_url, :notice => 'Address was successfully created.') }
      else
        form_info
        format.html { render :action => "index" }
      end
    end
  end

  # PUT /addresses/1
  # PUT /addresses/1.json
  def update
    @address = Address.find(params[:id])

    respond_to do |format|
      if @address.update_attributes(params[:address])
        format.html { redirect_to @address, notice: 'Address was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @address.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /addresses/1
  # DELETE /addresses/1.json
  def destroy
    @address = Address.find(params[:id])
    @address.destroy

    respond_to do |format|
      format.html { redirect_to addresses_url }
      format.json { head :no_content }
    end
  end

  private

  def update_order_address_id(id)
    session_order.update_attributes(
        :address_id => id
    )
  end

  def form_info
    @addresses = current_user.addresses
  end



end

创建地址后,我希望它执行update_order_address_id(id) 方法,但它一直告诉我

Can't mass-assign protected attributes: address_id

这一切都是在升级到 rails 3.2.8 之后开始的。有没有人知道我该如何解决这个问题或对此有任何建议。

【问题讨论】:

    标签: ruby-on-rails-3 ruby-on-rails-3.2 mass-assignment


    【解决方案1】:

    尝试将此行添加到模型中

    attr_accessible :address_id
    

    https://stackoverflow.com/a/4538861/643500

    编辑:

    不确定你是否读过这篇文章

    class AccountsController < ApplicationController
      include ActiveModel::MassAssignmentSecurity
    
      attr_accessible :first_name, :last_name
      attr_accessible :first_name, :last_name, :plan_id, :as => :admin
    
      def update
        ...
        @account.update_attributes(account_params)
        ...
      end
    
      protected
    
      def account_params
        role = admin ? :admin : :default
        sanitize_for_mass_assignment(params[:account], role)
      end
    
    end
    

    http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html

    【讨论】:

    • 如果我补充说这意味着该属性对批量分配开放。但我不希望它为大规模分配开放。
    猜你喜欢
    • 1970-01-01
    • 2012-08-16
    • 1970-01-01
    • 2021-11-02
    • 2012-11-12
    • 1970-01-01
    • 2020-06-02
    • 1970-01-01
    • 2013-05-06
    相关资源
    最近更新 更多