为什么 Rails 一直告诉我不允许的参数,即使我已经允许了?
Why does Rails keep telling me unpermitted parameter even though I have permitted it?
我有一个 Profile 模型,它具有以下内容:
has_many :transcripts, dependent: :destroy
accepts_nested_attributes_for :transcripts, allow_destroy: true
在我的 Transcript 模型上,我有以下内容:
include TranscriptUploader[:attachment]
这是 Shrine 上传器坐骑。
在我的 app/views/profile/_form.html.erb 中,我有以下内容:
<div id="transcripts" class="text-center">
<% if @profile.transcripts.any? %>
<% @profile.transcripts.each do |transcript| %>
<%= link_to "Click to view Transcript", transcript.url %>
<% end %>
<% end %>
<%= f.simple_fields_for :transcripts do |transcript| %>
<%= render 'transcript_fields', f: transcript %>
<% end %>
<br />
<div class="links">
<%= link_to_add_association 'Add Transcript', f, :transcripts, class: "btn btn-success add-transcript-button" %>
</div>
</div>
然后在我的 views/profiles/_transcript_fields.html.erb 中,我有以下内容:
<%= f.file_field :attachment, multiple: true, class: 'col-lg-4 form-control' %>
在我的 ProfilesController 中,我有以下内容:
# truncated for brevity
def profile_params
params.require(:profile).permit(:id, :first_name, :last_name, :dob, :height, :weight, :bib_color, :attachment, :remove_transcript, :transcript_cache, transcripts_attributes: [:id, :url, :name, :attachment, :attachment_data, :remove_transcript, :url_cache, :_destroy])
end
到目前为止还不错吧?
但是当我去添加一个新的配置文件时,我的日志是这样的:
Started POST "/profiles" for ::1 at 2016-11-17 01:47:05 -0500
Processing by ProfilesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"JDMTXHFCIaB3TFmCOQ==", "profile"=>{"avatar"=>"", "first_name"=>"Jack", "last_name"=>"BeNimble", "dob(3i)"=>"17", "dob(2i)"=>"11", "dob(1i)"=>"1986", "transcripts_attributes"=>{"1479365203532"=>{"attachment"=>[#<ActionDispatch::Http::UploadedFile:0x007f8901918700 @tempfile=#<Tempfile:/var/folders/0f/0gn/T/RackMultipart20161117-29277-msvds1.pdf>, @original_filename="Some-Awesome-File.pdf", @content_type="application/pdf", @headers="Content-Disposition: form-data; name=\"profile[transcripts_attributes][1479365203532][attachment][]\"; filename=\"Some-Awesome-File.pdf\"\r\nContent-Type: application/pdf\r\n">], "_destroy"=>"false"}}, "commit"=>"Create Profile"}
User Load (2.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = ORDER BY "users"."id" ASC LIMIT [["id", 2], ["LIMIT", 1]]
Role Load (1.3ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'admin') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
Role Load (2.3ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'coach') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
Role Load (2.5ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'player') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
(3.9ms) SELECT COUNT(*) FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'admin') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)) OR ((roles.name = 'coach') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
Unpermitted parameter: attachment
Tournament Load (1.1ms) SELECT "tournaments".* FROM "tournaments" WHERE "tournaments"."id" = 1
(5.0ms) SELECT COUNT(*) FROM "profiles" INNER JOIN "profiles_tournaments" ON "profiles"."id" = "profiles_tournaments"."profile_id" WHERE "profiles_tournaments"."tournament_id" = [["tournament_id", 1]]
(0.9ms) BEGIN
(1.5ms) COMMIT
Position Load (2.1ms) SELECT "positions".* FROM "positions" WHERE 1=0
Unpermitted parameter: attachment
(0.7ms) BEGIN
School Load (1.2ms) SELECT "schools".* FROM "schools" WHERE "schools"."id" = LIMIT [["id", 1], ["LIMIT", 1]]
Profile Exists (3.7ms) SELECT 1 AS one FROM "profiles" WHERE ("profiles"."id" IS NOT NULL) AND "profiles"."slug" = LIMIT [["slug", "jack-benimble-st-george-s-college"], ["LIMIT", 1]]
SQL (23.3ms) INSERT INTO "profiles" ("first_name", "last_name", "dob", "bib_color", "created_at", "updated_at", "player_type", "school_id", "grade", "slug", "home_phone", "cell_phone", "email") VALUES (, , , , , , , , , , , , ) RETURNING "id" [["first_name", "Jack"], ["last_name", "BeNimble"], ["dob", Mon, 17 Nov 1986], ["bib_color", ""], ["created_at", 2016-11-17 06:47:05 UTC], ["updated_at", 2016-11-17 06:47:05 UTC], ["player_type", 0], ["school_id", 1], ["grade", ""], ["slug", "jack-benimble-st-george-s-college"], ["home_phone", ""], ["cell_phone", ""], ["email", ""]]
SQL (3.5ms) INSERT INTO "transcripts" ("profile_id", "created_at", "updated_at") VALUES (, , ) RETURNING "id" [["profile_id", 46], ["created_at", 2016-11-17 06:47:05 UTC], ["updated_at", 2016-11-17 06:47:05 UTC]]
Profile Load (2.8ms) SELECT "profiles".* FROM "profiles" WHERE "profiles"."id" = LIMIT [["id", 46], ["LIMIT", 1]]
SQL (1.7ms) INSERT INTO "profiles_tournaments" ("profile_id", "tournament_id") VALUES (, ) [["profile_id", 46], ["tournament_id", 1]]
(2.6ms) COMMIT
Profile Store (150.2ms) {"id":46}
Profile Store (135.8ms) {"id":46}
Unpermitted parameter: attachment
Redirected to http://localhost:3000/profiles/jack-benimble-st-george-s-college
Completed 302 Found in 499ms (Searchkick: 286.0ms | ActiveRecord: 91.8ms)
当我也为编辑操作执行此操作时,我看到了类似的东西。
请注意,在我的 profile_params 中,我在两个地方声明了 :attachment。既在 transcript_attributes 散列中,又在正常的属性列表中。
这可能是什么原因造成的?我错过了什么?
编辑 1
更新的参数:
def profile_params
params.require(:profile).permit(
:id, :first_name, :last_name, :dob, :height, :weight,
:bib_color, :parent_name, :sat_score, :video_url, :avatar,
:remove_avatar, :avatar_cache, :player_type, :school_id, :grade, :email,
:cell_phone, :home_phone, tournament_ids: [], position_ids: [],
grades_attributes: [:id, :subject, :result, :grade_type, :_destroy],
achievements_attributes: [:id, :body, :achievement_type, :_destroy],
articles_attributes: [:id, :title, :url, :source, :_destroy],
videos_attributes: [:id, :url, :video, :vimeo_url, :vimeo_embed_code, :official,
:video_cache, :remove_video, :_destroy],
transcripts_attributes: [:id, :url, :name, :attachment_data, :remove_transcript,
:url_cache, :_destroy],
attachment: [])
end
对于数组值,您必须这样声明它们。对于简单字符串数组,它可以是这样的。
.permit(:foo, :bar, ..., attachment: [])
如果你有一个对象数组,你可以将对象的属性列入白名单
.permit(:foo, :bar, ..., attachment: [:prop1, :prop3])
顺便说一下,这一切都在文档中:Hash and Array parameters。
我有一个 Profile 模型,它具有以下内容:
has_many :transcripts, dependent: :destroy
accepts_nested_attributes_for :transcripts, allow_destroy: true
在我的 Transcript 模型上,我有以下内容:
include TranscriptUploader[:attachment]
这是 Shrine 上传器坐骑。
在我的 app/views/profile/_form.html.erb 中,我有以下内容:
<div id="transcripts" class="text-center">
<% if @profile.transcripts.any? %>
<% @profile.transcripts.each do |transcript| %>
<%= link_to "Click to view Transcript", transcript.url %>
<% end %>
<% end %>
<%= f.simple_fields_for :transcripts do |transcript| %>
<%= render 'transcript_fields', f: transcript %>
<% end %>
<br />
<div class="links">
<%= link_to_add_association 'Add Transcript', f, :transcripts, class: "btn btn-success add-transcript-button" %>
</div>
</div>
然后在我的 views/profiles/_transcript_fields.html.erb 中,我有以下内容:
<%= f.file_field :attachment, multiple: true, class: 'col-lg-4 form-control' %>
在我的 ProfilesController 中,我有以下内容:
# truncated for brevity
def profile_params
params.require(:profile).permit(:id, :first_name, :last_name, :dob, :height, :weight, :bib_color, :attachment, :remove_transcript, :transcript_cache, transcripts_attributes: [:id, :url, :name, :attachment, :attachment_data, :remove_transcript, :url_cache, :_destroy])
end
到目前为止还不错吧?
但是当我去添加一个新的配置文件时,我的日志是这样的:
Started POST "/profiles" for ::1 at 2016-11-17 01:47:05 -0500
Processing by ProfilesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"JDMTXHFCIaB3TFmCOQ==", "profile"=>{"avatar"=>"", "first_name"=>"Jack", "last_name"=>"BeNimble", "dob(3i)"=>"17", "dob(2i)"=>"11", "dob(1i)"=>"1986", "transcripts_attributes"=>{"1479365203532"=>{"attachment"=>[#<ActionDispatch::Http::UploadedFile:0x007f8901918700 @tempfile=#<Tempfile:/var/folders/0f/0gn/T/RackMultipart20161117-29277-msvds1.pdf>, @original_filename="Some-Awesome-File.pdf", @content_type="application/pdf", @headers="Content-Disposition: form-data; name=\"profile[transcripts_attributes][1479365203532][attachment][]\"; filename=\"Some-Awesome-File.pdf\"\r\nContent-Type: application/pdf\r\n">], "_destroy"=>"false"}}, "commit"=>"Create Profile"}
User Load (2.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = ORDER BY "users"."id" ASC LIMIT [["id", 2], ["LIMIT", 1]]
Role Load (1.3ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'admin') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
Role Load (2.3ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'coach') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
Role Load (2.5ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'player') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
(3.9ms) SELECT COUNT(*) FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = AND (((roles.name = 'admin') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)) OR ((roles.name = 'coach') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 2]]
Unpermitted parameter: attachment
Tournament Load (1.1ms) SELECT "tournaments".* FROM "tournaments" WHERE "tournaments"."id" = 1
(5.0ms) SELECT COUNT(*) FROM "profiles" INNER JOIN "profiles_tournaments" ON "profiles"."id" = "profiles_tournaments"."profile_id" WHERE "profiles_tournaments"."tournament_id" = [["tournament_id", 1]]
(0.9ms) BEGIN
(1.5ms) COMMIT
Position Load (2.1ms) SELECT "positions".* FROM "positions" WHERE 1=0
Unpermitted parameter: attachment
(0.7ms) BEGIN
School Load (1.2ms) SELECT "schools".* FROM "schools" WHERE "schools"."id" = LIMIT [["id", 1], ["LIMIT", 1]]
Profile Exists (3.7ms) SELECT 1 AS one FROM "profiles" WHERE ("profiles"."id" IS NOT NULL) AND "profiles"."slug" = LIMIT [["slug", "jack-benimble-st-george-s-college"], ["LIMIT", 1]]
SQL (23.3ms) INSERT INTO "profiles" ("first_name", "last_name", "dob", "bib_color", "created_at", "updated_at", "player_type", "school_id", "grade", "slug", "home_phone", "cell_phone", "email") VALUES (, , , , , , , , , , , , ) RETURNING "id" [["first_name", "Jack"], ["last_name", "BeNimble"], ["dob", Mon, 17 Nov 1986], ["bib_color", ""], ["created_at", 2016-11-17 06:47:05 UTC], ["updated_at", 2016-11-17 06:47:05 UTC], ["player_type", 0], ["school_id", 1], ["grade", ""], ["slug", "jack-benimble-st-george-s-college"], ["home_phone", ""], ["cell_phone", ""], ["email", ""]]
SQL (3.5ms) INSERT INTO "transcripts" ("profile_id", "created_at", "updated_at") VALUES (, , ) RETURNING "id" [["profile_id", 46], ["created_at", 2016-11-17 06:47:05 UTC], ["updated_at", 2016-11-17 06:47:05 UTC]]
Profile Load (2.8ms) SELECT "profiles".* FROM "profiles" WHERE "profiles"."id" = LIMIT [["id", 46], ["LIMIT", 1]]
SQL (1.7ms) INSERT INTO "profiles_tournaments" ("profile_id", "tournament_id") VALUES (, ) [["profile_id", 46], ["tournament_id", 1]]
(2.6ms) COMMIT
Profile Store (150.2ms) {"id":46}
Profile Store (135.8ms) {"id":46}
Unpermitted parameter: attachment
Redirected to http://localhost:3000/profiles/jack-benimble-st-george-s-college
Completed 302 Found in 499ms (Searchkick: 286.0ms | ActiveRecord: 91.8ms)
当我也为编辑操作执行此操作时,我看到了类似的东西。
请注意,在我的 profile_params 中,我在两个地方声明了 :attachment。既在 transcript_attributes 散列中,又在正常的属性列表中。
这可能是什么原因造成的?我错过了什么?
编辑 1
更新的参数:
def profile_params
params.require(:profile).permit(
:id, :first_name, :last_name, :dob, :height, :weight,
:bib_color, :parent_name, :sat_score, :video_url, :avatar,
:remove_avatar, :avatar_cache, :player_type, :school_id, :grade, :email,
:cell_phone, :home_phone, tournament_ids: [], position_ids: [],
grades_attributes: [:id, :subject, :result, :grade_type, :_destroy],
achievements_attributes: [:id, :body, :achievement_type, :_destroy],
articles_attributes: [:id, :title, :url, :source, :_destroy],
videos_attributes: [:id, :url, :video, :vimeo_url, :vimeo_embed_code, :official,
:video_cache, :remove_video, :_destroy],
transcripts_attributes: [:id, :url, :name, :attachment_data, :remove_transcript,
:url_cache, :_destroy],
attachment: [])
end
对于数组值,您必须这样声明它们。对于简单字符串数组,它可以是这样的。
.permit(:foo, :bar, ..., attachment: [])
如果你有一个对象数组,你可以将对象的属性列入白名单
.permit(:foo, :bar, ..., attachment: [:prop1, :prop3])
顺便说一下,这一切都在文档中:Hash and Array parameters。