Ruby-on-rails Rails 错误:无法批量分配受保护的属性
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10050797/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Rails error: Can't mass-assign protected attributes
提问by nunos
I am trying to build an extremely simple AddressBook rails application. However, I am getting this error "Can't mass-assign protected attributes: city_id". How can I fix this? Please feel free to add any comment/suggestion to your answer regarding the rails code below. Thanks.
我正在尝试构建一个非常简单的 AddressBook rails 应用程序。但是,我收到此错误“无法批量分配受保护的属性:city_id”。我怎样才能解决这个问题?请随时在您对以下 Rails 代码的回答中添加任何评论/建议。谢谢。
How I created the project (from scratch):
我如何创建项目(从头开始):
rails new demo
rails generate model City name:string
rails generate scaffold User name:string city:references
rake db:migrate
db/seeds.db:
数据库/种子.db:
City.create(name: "City1")
City.create(name: "City2")
City.create(name: "City3")
rake db:seed
耙分贝:种子
changed this line <%= f.text_field :city %>from app/views/users/_form.html.erbto <%= f.collection_select :city_id, City.all, :id, :name %>
将此行<%= f.text_field :city %>从更改app/views/users/_form.html.erb为<%= f.collection_select :city_id, City.all, :id, :name %>
changed user.rbauto-generated line belongs_to :cityto has_one :city.
将user.rb自动生成的行更改belongs_to :city为has_one :city.
added belongs_to :cityto city.rb
添加belongs_to :city到city.rb
P.S: I am using Rails 3.2.3 and Ruby 1.9.3.
PS:我使用的是 Rails 3.2.3 和 Ruby 1.9.3。
回答by tmaximini
There was an important security change rails 3.2.3 that requires you to allow mass assignment explicitly by setting config.active_record.whitelist_attributesto false
rails 3.2.3 有一个重要的安全更改,它要求您通过设置config.active_record.whitelist_attributes为显式允许批量分配false
https://weblog.rubyonrails.org/2012/3/30/ann-rails-3-2-3-has-been-released/
https://weblog.rubyonrails.org/2012/3/30/ann-rails-3-2-3-has-been-released/
http://www.h-online.com/security/news/item/Rails-3-2-3-makes-mass-assignment-change-1498547.html
http://www.h-online.com/security/news/item/Rails-3-2-3-makes-mass-assignment-change-1498547.html
alternatively (and better), instead of allowing mass assignment, you just have to set the attr_accessiblefor the attributes in your model that you want to be able to change, e.g.
或者(更好),而不是允许质量分配,您只需attr_accessible为您希望能够更改的模型中的属性设置,例如
attr_accessible :city_id, :name # list all fields that you want to be accessible here
Please check the rails security guidefor more information about mass-assignment in rails.
请查看rails 安全指南以获取有关 rails 中批量分配的更多信息。
回答by agstwn21
or you can change
或者你可以改变
config.active_record.mass_assignment_sanitizer = :strict
to
到
config.active_record.mass_assignment_sanitizer = :logger
I don't know why had to changed to :loggerbut this is the solution for the error.
我不知道为什么必须更改为,:logger但这是错误的解决方案。
回答by Ganesh Arulanantham
Just include the datafield in the model as:
只需将数据字段包含在模型中:
attr_accessible :city_id
