您好,我在一个应用程序中工作,您可以在其中投票给产品,从我的投票视图的新动作中,我得到了此错误:
activeModel :: massAssignmentsCurity :: fotescontroller中的错误#create
不能大规模分配受保护的属性:产品,用户
我对Rails控制台进行了测试,并且可以使用。所以我不知道这是怎么回事。
这是模型:
class Product < ActiveRecord::Base
attr_accessible :title
has_many :votes
has_many :users, :through => :votes
has_attached_file :photo, :styles => { :medium => "300x300" }
before_save { |product| product.title = title.titlecase }
validates :title, presence: true, uniqueness: { case_sensitive: false }
validates :photo, :attachment_presence => true
end
class User < ActiveRecord::Base
has_many :votes
has_many :products, :through => :votes
def self.from_omniauth(auth)
where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.oauth_token = auth.credentials.token
user.oauth_expires_at = Time.at(auth.credentials.expires_at)
user.save!
end
end
end
class Vote < ActiveRecord::Base
attr_accessible :product_id, :user_id
belongs_to :product
belongs_to :user
end
这是投票控制器
class VotesController < ApplicationController
# GET /votes
# GET /votes.json
def index
@votes = Vote.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: @votes }
end
end
# GET /votes/1
# GET /votes/1.json
def show
@vote = Vote.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @vote }
end
end
# GET /votes/new
# GET /votes/new.json
def new
@vote = Vote.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @vote }
end
end
# GET /votes/1/edit
def edit
@vote = Vote.find(params[:id])
end
# POST /votes
# POST /votes.json
def create
@vote = Vote.new(params[:vote])
respond_to do |format|
if @vote.save
format.html { redirect_to @vote, notice: 'Vote was successfully created.' }
format.json { render json: @vote, status: :created, location: @vote }
else
format.html { render action: "new" }
format.json { render json: @vote.errors, status: :unprocessable_entity }
end
end
end
# PUT /votes/1
# PUT /votes/1.json
def update
@vote = Vote.find(params[:id])
respond_to do |format|
if @vote.update_attributes(params[:vote])
format.html { redirect_to @vote, notice: 'Vote was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @vote.errors, status: :unprocessable_entity }
end
end
end
# DELETE /votes/1
# DELETE /votes/1.json
def destroy
@vote = Vote.find(params[:id])
@vote.destroy
respond_to do |format|
format.html { redirect_to votes_url }
format.json { head :no_content }
end
end
end
这是新的投票视图
<%= form_for(@vote) do |f| %>
<% if @vote.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(@vote.errors.count, "error") %> prohibited this vote from being saved:</h2>
<ul>
<% @vote.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :product %><br />
<%= f.text_field :product %>
</div>
<div class="field">
<%= f.label :user %><br />
<%= f.text_field :user %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
请我真的需要您的帮助来解决这个问题,很难找到一个与HAS_MANY的教程:通过其中包括完整的MVC示例,我认为我的问题是在视图的,但我不知道。<<<<<<<<<<<</p>
谢谢!
该错误消息告诉您您是否仔细观察所需的一切。
ActiveModel::MassAssignmentSecurity::Error in VotesController#create
Can't mass-assign protected attributes: product, user
您可能不熟悉"质量分配"一词。它是创建时1个或更多对象属性的分配。即in VotesController#create
。当未保护时,质量分配将为您打开黑客,将值分配给网站表单中的任何和所有对象属性,您是否愿意提供访问。
那就是attar_accessible
进入的位置。它迫使您明确有关用户应该可以访问的模型的属性。任何未传递的符号都像 Can't mass-assign protected attributes: product, user
中的符号一样为 protected attributes
。
脚手架创建模型时的脚手架集attr_accessible :product_id, :user_id
,但不知道您将使用对象而不是ID值分配这些。
您可以解决这两种方法之一。
更改您的表格,以使类似哈希的params
变量分配了这样的分配
params[vote][product_id]
或更改模型
attr_accessible :product, :user