这不是平均的批量分配受保护属性问题。在我的应用程序中,当我的应用程序加载时,我在 Chrome 的网络标签中收到内部 500 错误。现在我的WidgetController中有以下create操作:
def create
@widget = Widget.new(params[:widget])
@user = current_user
if @widget.save
WidgetPermission.create( widget: @widget, user: @user)
render json: @widget, status: :created, location: @widget
else
render json: @widget.errors, status: :unprocessable_entity
end
end
我的模型设置如下:
class WidgetPermission < ActiveRecord::Base
attr_accessible :action, :description, :name, :subject_class, :subject_id, :user_id, :widget_id
belongs_to :user
belongs_to :widget
end
class Widget < ActiveRecord::Base
attr_accessible :name, :snippets, :snippets_attributes
has_many :snippets
has_many :widget_permissions
end
require 'rolify'
class User < ActiveRecord::Base
extend Rolify
rolify
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :invitable, :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :role_ids, :as => :admin
attr_accessible :name, :email, :password, :password_confirmation, :remember_me
has_many :widgets, through: :widget_permissions
has_many :widget_permissions
end
我从检查失败请求的响应选项卡中获得的回溯如下:
ActiveModel::MassAssignmentSecurity::Error at /api/widgets
==========================================================
> Can't mass-assign protected attributes: widget, user
app/controllers/widgets_controller.rb, line 31
----------------------------------------------
``` ruby
26 # POST /widgets.json
27 def create
28 @widget = Widget.new(params[:widget])
29 @user = current_user
30 if @widget.save
> 31 WidgetPermission.create( widget: @widget, user: @user)
32 #can :manage, Widget, id: @widget.id
33 #user.widget_permissions.create action: :manage, subject_class: 'Widget', subject_id: @widget.id
34 render json: @widget, status: :created, location: @widget
35 else
36 render json: @widget.errors, status: :unprocessable_entity
```
App backtrace
-------------
- app/controllers/widgets_controller.rb:31:in `create'
Full backtrace
--------------
- activemodel (3.2.12) lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
- activemodel (3.2.12) lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
- activemodel (3.2.12) lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
- activemodel (3.2.12) lib/active_model/mass_assignment_security.rb:230:in `sanitize_for_mass_assignment'
- activerecord (3.2.12) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
- activerecord (3.2.12) lib/active_record/base.rb:497:in `initialize'
- activerecord (3.2.12) lib/active_record/persistence.rb:44:in `create'
在attr_accessible中,您已将user_id, widget_id但发送参数
WidgetPermission.create( widget: @widget, user: @user)
试试这个:
WidgetPermission.create( widget_id: @widget.id, user_id: @user.id)
请注意您在attr_accessible模型中添加的内容以及您正在访问的内容
:subject_id, :user_id in WidgetPermission
class WidgetPermission < ActiveRecord::Base
attr_accessible :action, :description, :name, :subject_class, :subject_id, :user_id, :widget_id
belongs_to :user
belongs_to :widget
end
在创建时
WidgetPermission.create( widget: @widget, user: @user)