我正在使用Devise和Rails 4开发一个Web应用程序.我有一个用户模型,我已经扩展了2个额外的表单字段,这样当用户注册时,他也可以提交他的名字/姓氏.(基于http://blog.12spokes.com/web-design-development/adding-custom-fields-to-your-devise-user-model-in-rails-4/).我现在想要添加一个机构模型.此模型has_many:用户和用户belongs_to:institution.我希望能够在注册用户的同一表格上注册该机构的名称.我知道我需要在我的Institution模型中使用nested_attribute ,因为这是父类,我将稍微展示一下.当我尝试注册用户时,我进入控制台:Unpermited参数:机构.
我的提示是我无法根据我的子类(User)更新我的父类(Institution).可能有解决方案吗?或者有没有人经历类似的事情?
class Institutions < ActiveRecord::Base
has_many :users,
accepts_nested_attributes_for :users
end
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
belongs_to :institution
end
registrations/new.html.erb这里我有嵌套表格
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
.
.
<%= f.fields_for :institutions do |i| %>
<p><%= i.label :name %><br />
<%= i.text_field :institutions_attr %></p>
<% end %>
基于我之前链接的教程,我创建了一个新的 …
ruby-on-rails nested-forms nested-attributes devise strong-parameters
我strong_parameters在控制器中使用gem,但我很难理解如何测试它.
这是我的设置示例
class UserController < ActionController::Base
include ActiveModel::ForbiddenAttributesProtection
def create
@user = User.new(user_params)
if @user.save
...
end
end
private
def user_params
params.require(:user).permit(:first_name, :last_name, :username, :email)
end
end
我想测试该user_params方法,以确保它正确地过滤掉恶意键/值对,但无法弄清楚如何做到这一点.还有其他人经历过这个吗?
我在使用Hstore和动态访问器克服Rails 4中新的强params要求时遇到了问题
我有一个Hstore列:content,我想用它来存储多种语言的内容,即:en, :fr等等.我不知道在模型或控制器中预先设置哪种语言.
store_accessor :content, [:en, :fr] #+226 random other il8n languages won't work.
如何在一个列的rails 4中覆盖强params(或允许动态hstore键)?
params.require(:article).permit(
:name, :content,
:en, :fr #+226 random translations
)
缺乏...
params.require(:article).permit!
这当然有效.
我正试图通过JSON注册一个设备用户但是继续得到一个 ActiveModel::ForbiddenAttributesError
class Api::V1::RegistrationsController < ApplicationController
skip_before_filter :verify_authenticity_token
respond_to :json
def create
user = User.new(params[:user])
if user.save
render :json => user.as_json(:auth_token=>user.authentication_token, :email=>user.email), :status=>201
return
else
warden.custom_failure!
render :json => user.errors, :status=>422
end
end
def user_params
params.require(:user).permit(:email, :password)
end
end
这是我的JSON请求:
Processing by Api::V1::RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"jayson@jayson.com", "password"=>"[FILTERED]"}, "registration"=>{"user"=>{"email"=>"jayson@jayson.com", "password"=>"[FILTERED]"}}}
我意识到这与强参数有关,但还没有破解它.
我在我的视图中有这个多选复选框
模型
class User < ActiveRecord::Base
has_many :user_roles, :dependent => :destroy
accepts_nested_attributes_for :user_roles, :allow_destroy => true
has_many :roles, :through => :user_roles
end
视图
<%= check_box_tag 'user[role_ids][]', role.id, user.blank? ? nil : user.roles.include?(role) ,id: dom_id(role)%>
这个强大的参数写成
def user
params.require(:user).permit(:first_name,{:role_ids => []})
end
但在创造它说
Processing by Admin::UsersController#create as HTML
Parameters: {"utf8"=>"?", "authenticity_token"=>"+y8iWya5KIILqS0embEUEZuClycXq0O9Q4pA+MnbM0g=", "user"=>{"first_name"=>"", "last_name"=>"", "email"=>"a@loclahost.com", "language"=>"en", "access_level_id"=>"1", "role_ids"=>["", "1", "", "5", "", "", ""], "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create user"}
Unpermitted parameters: role_ids
Unpermitted parameters: role_ids
Unpermitted parameters: role_ids
Unpermitted parameters: role_ids
任何线索为什么它不接受来自表单的role_ids数组?
强参数问题严重.它在我的大约200个动作中工作得很好,但在一个它没有,因为我在那里使用参数非常动态,我也因为应用程序设计而无法改变它.
所以我想在这个特定的操作中禁用强参数验证.有没有办法做到这一点?
在Rails 4中,可以将额外的参数与用户生成的参数合并,如下所示:
params.require(:post).permit([:title, :body]).merge(user: current_user)
也可以包含嵌套属性,如下所示:
params.require(:post).permit([:title, :body, sections_attributes: [:title, :section_type]])
现在,如果我想将额外参数合并到嵌套模型中,该怎么办呢?我试过这个:
params.require(:post).permit([:title, :body, sections_attributes: [:title, :section_type]]).merge(user: current_user, sections_attributes: [user: current_user])
但是当我事后用调试器检查params时,我发现它user已经覆盖了另一个section_attributes而不是与它们合并.有没有更好的方法来解决这个问题?
Full backtrace
--------------
- activemodel (4.0.0.rc1) lib/active_model/attribute_methods.rb:436:in `method_missing'
- activerecord (4.0.0.rc1) lib/active_record/attribute_methods.rb:131:in `method_missing'
- activerecord (4.0.0.rc1) lib/active_record/nested_attributes.rb:432:in `block in assign_nested_attributes_for_collection_association'
- activerecord (4.0.0.rc1) lib/active_record/nested_attributes.rb:431:in `assign_nested_attributes_for_collection_association'
- activerecord (4.0.0.rc1) lib/active_record/nested_attributes.rb:322:in `comments_attributes='
- activerecord (4.0.0.rc1) lib/active_record/attribute_assignment.rb:42:in `_assign_attribute'
- activerecord (4.0.0.rc1) lib/active_record/attribute_assignment.rb:53:in `block in assign_nested_parameter_attributes'
- activerecord (4.0.0.rc1) lib/active_record/attribute_assignment.rb:53:in `assign_nested_parameter_attributes'
- activerecord (4.0.0.rc1) lib/active_record/attribute_assignment.rb:33:in `assign_attributes'
- activerecord …我是Rails的新手并基于此构建了一些东西,但它需要小的更新才能使它与Rails 4的强大参数兼容:
http://railscasts.com/episodes/196-nested-model-form-part-1
我根据类似的帖子将调查,问题和答案的参数列入白名单:
class Survey < ActiveRecord::Base
has_many :questions, :dependent => :destroy
accepts_nested_attributes_for :questions, allow_destroy: true
end
class Question < ActiveRecord::Base
belongs_to :survey
has_many :answers, :dependent => :destroy
accepts_nested_attributes_for :answers, allow_destroy: true
end
class Answer < ActiveRecord::Base
belongs_to :question
end
class SurveysController < ApplicationController
def survey_params
params.require(:survey).permit(:name, questions_attributes: [:id, :survey_id, :content])
end
class QuestionsController < ApplicationController
def question_params
params.require(:question).permit(:survey_id, :content, answers_attributes: [:id, :question_id, :content])
end
class AnswersController < ApplicationController
def answer_params
params.require(:answer).permit(:question_id, :content)
end
第一个嵌套模型(问题)有效,但第二个(答案)在我提交主调查表时返回错误:
未允许的参数:answers_attributes
Started …我是RoR的新手并且坚持这个设计问题.我想允许用户使用电子邮件或用户名登录(使用用户名注册已经可以).
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :password, :remember_me) }
end
end
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :authentication_keys => [:login]
validates_uniqueness_of :username
validates_presence_of :username
validates :username, length: { in: 4..20 }
def self.find_first_by_auth_conditions(warden_conditions)
conditions = warden_conditions.dup
if login = conditions.delete(:login)
where(conditions).where(["lower(username) = :value OR lower(email) = :value", { …我正在渲染一个模型,它是JSON中的子书籍,如下所示:
{"id":2,"complete":false,"private":false, "books" [{ "id":2,"name":"Some Book"},.....
然后我通过将相同的JSON传递回我的控制器来更新此模型,我收到以下错误:
ActiveRecord :: AssociationTypeMismatch(书(#2245089560)预期,得到ActionController ::参数(#2153445460))
在我的控制器中,我使用以下内容进行更新:
@project.update_attributes!(project_params)
private
def project_params
params.permit(:id, { books: [:id] } )
end
无论我将哪些属性列入白名单,permit我似乎无法保存孩子模型.
我错过了一些明显的东西吗
更新 - 另一个例子:
控制器:
def create
@model = Model.new(model_params)
end
def model_params
params.fetch(:model, {}).permit(:child_model => [:name, :other])
end
请求:
post 'api.address/model', :model => { :child_model => { :name => "some name" } }
模型:
accepts_nested_attributes_for :child_model
错误:
期望的ChildModel,得到了ActionController :: Parameters
尝试这种方法无济于事:http://www.rubyexperiments.com/using-strong-parameters-with-nested-forms/