Ruby-on-rails 在 Rails 4 中如何使用 attr_accessible?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17371334/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How is attr_accessible used in Rails 4?
提问by user2532974
attr_accessibleseems to no longer work within my model.
attr_accessible似乎不再适用于我的模型。
What is the way to allow mass assignment in Rails 4?
在 Rails 4 中允许批量分配的方法是什么?
回答by Pierre-Louis Gottfrois
Rails 4 now uses strong parameters.
Rails 4 现在使用强参数。
Protecting attributes is now done in the controller. This is an example:
保护属性现在在控制器中完成。这是一个例子:
class PeopleController < ApplicationController
def create
Person.create(person_params)
end
private
def person_params
params.require(:person).permit(:name, :age)
end
end
No need to set attr_accessiblein the model anymore.
无需再attr_accessible在模型中进行设置。
Dealing with accepts_nested_attributes_for
处理 accepts_nested_attributes_for
In order to use accepts_nested_attribute_forwith strong parameters, you will need to specify which nested attributes should be whitelisted.
为了accepts_nested_attribute_for与强参数一起使用,您需要指定应将哪些嵌套属性列入白名单。
class Person
has_many :pets
accepts_nested_attributes_for :pets
end
class PeopleController < ApplicationController
def create
Person.create(person_params)
end
# ...
private
def person_params
params.require(:person).permit(:name, :age, pets_attributes: [:name, :category])
end
end
Keywords are self-explanatory, but just in case, you can find more information about strong parameters in the Rails Action Controller guide.
关键字是不言自明的,但为了以防万一,您可以在 Rails 动作控制器指南 中找到有关强参数的更多信息。
Note: If you still want to use attr_accessible, you need to add protected_attributesto your Gemfile. Otherwise, you will be faced with a RuntimeError.
注意:如果您还想使用attr_accessible,您需要添加protected_attributes到您的Gemfile. 否则,您将面临RuntimeError.
回答by edikgat
If you prefer attr_accessible, you could use it in Rails 4 too. You should install it like gem:
如果你更喜欢 attr_accessible,你也可以在 Rails 4 中使用它。你应该像 gem 一样安装它:
gem 'protected_attributes'
after that you could use attr_accessible in you models like in Rails 3
之后,您可以在 Rails 3 中的模型中使用 attr_accessible
Also, and i think that is the best way- using form objects for dealing with mass assignment, and saving nested objects, and you can also use protected_attributes gem that way
另外,我认为这是最好的方法 - 使用表单对象来处理批量分配和保存嵌套对象,您也可以使用 protected_attributes gem 那样
class NestedForm
include ActiveModel::MassAssignmentSecurity
attr_accessible :name,
:telephone, as: :create_params
def create_objects(params)
SomeModel.new(sanitized_params(params, :create_params))
end
end
回答by Hardik Hardiya
We can use
我们可以用
params.require(:person).permit(:name, :age)
where person is Model, you can pass this code on a method person_params & use in place of params[:person] in create method or else method
其中 person 是 Model,您可以在方法 person_params 上传递此代码并在 create 方法或 else 方法中代替 params[:person] 使用
回答by miklki14567
An update for Rails 5:
Rails 5 的更新:
gem 'protected_attributes'
doesn't seem to work anymore. But give:
似乎不再起作用了。但是给:
gem 'protected_attributes_continued'
宝石'protected_attributes_continued'
a try.
一试。
回答by Sid
1) Update Devise so that it can handle Rails 4.0 by adding this line to your application's Gemfile:
1) 通过将此行添加到应用程序的 Gemfile 中,更新 Devise 以便它可以处理 Rails 4.0:
gem 'devise', '3.0.0.rc'
Then execute:
然后执行:
$ bundle
2) Add the old functionality of attr_accessibleagain to rails 4.0
2)在attr_accessiblerails 4.0中添加了旧的功能
Try to use attr_accessibleand don't comment this out.
尝试使用attr_accessible,不要注释掉。
Add this line to your application's Gemfile:
将此行添加到应用程序的 Gemfile 中:
gem 'protected_attributes'
Then execute:
然后执行:
$ bundle
