Ruby-on-rails ActiveModel::MassAssignmentSecurity::Error: 无法批量分配受保护的属性
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10574957/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes
提问by Karan
If I try to execute the following code:
如果我尝试执行以下代码:
hassle = rota.hassles.create(:sender => user1, :receiver => user2, :type => "sms")
I obain the following error:
我得到以下错误:
Failure/Error: hassle = rota.hassles.create(:sender => user1, :receiver => user2, :type => "sms")
ActiveModel::MassAssignmentSecurity::Error:
Can't mass-assign protected attributes: type
I am not sure what this means. I have made the :type to be compulsory, so if I do remove it, I get an sql error.
我不确定这意味着什么。我已将 :type 设为强制,所以如果我删除它,我会收到一个 sql 错误。
回答by Kevin Bedell
A couple things:
一些事情:
Mass Assignment usually means passing attributes into the call that creates an object as part of an attributes hash. That is, you pass a bunch of attributes in a hash into the call that creates the new object. For example:
批量分配通常意味着将属性传递到创建对象的调用中,作为属性散列的一部分。也就是说,您将散列中的一堆属性传递到创建新对象的调用中。例如:
@user = User.create({:name => "My name", :user_type => "nice_user"})
However, Rails includes some basic security rules that mean not all attributes can be assigned that way by default. You have to specify which ones can beforehand. You do so like this:
但是,Rails 包含一些基本的安全规则,这意味着并非所有属性都可以默认分配。您必须事先指定哪些可以。你这样做:
class User < ActiveRecord::Base
attr_accessible :name, :user_type
end
If you don't specify an attribute is attr_accessible, and you pass it in to create the object, you get the error you posted.
如果您未指定属性 is attr_accessible,并且将其传入以创建对象,则会收到您发布的错误。
Here are more details:
以下是更多详细信息:
http://api.rubyonrails.org/v3.2.9/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html
http://api.rubyonrails.org/v3.2.9/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html
The alternative is to set some of the attributes when you first create the record, and set others after -- like so:
另一种方法是在您第一次创建记录时设置一些属性,然后设置其他属性——像这样:
# In this example `user_type` is not attr_accessible so it needs to be set specifically
@user = User.create({:name => "My name"})
@user.user_type = "nice_user"
@user.save
In addition, if you're having issues with using the column name typebecause rails is getting confused and thinks you want to use Single Table Inheritance (STI), check the answer to this question to see how to get around it: http://guides.rubyonrails.org/
此外,如果您在使用列名时遇到问题,type因为 rails 感到困惑并认为您想使用单表继承 (STI),请查看此问题的答案以了解如何解决它:http:// guides.rubyonrails.org/
回答by LANerd
Are you working with Rails 3.2 while following a 3.1 tutorial such as the Pragmatic Programmer's "Agile Web Development with Rails" 4th edition? Then check http://guides.rubyonrails.org/3_2_release_notes.html.
您是否在学习 3.1 教程(例如 Pragmatic Programmer 的“Agile Web Development with Rails”第 4 版)的同时使用 Rails 3.2?然后检查http://guides.rubyonrails.org/3_2_release_notes.html。
Your problem is that from Rails 3.1 to 3.2 checking of mass assignment protection for Active Record models is set to 'strict' by default. Comment out the appropriate lines in these files:
您的问题是,从 Rails 3.1 到 3.2,Active Record 模型的批量分配保护检查默认设置为“严格”。注释掉这些文件中的相应行:
config/environments/development.rb
config/environments/test.rb
... and you're good to go on learning. Remember to leave this in effect when coding your first production application :)
......你很高兴继续学习。请记住在编写第一个生产应用程序时保持有效:)
回答by Spectral
Please try: open
config/application.rbLocate the line of
config.active_record.whitelist_attributes = trueChange true to false
请尝试:打开
config/application.rb找到行
config.active_record.whitelist_attributes = true将真更改为假
Then you shall be fine.
那你就没事了。
PS: remember to restart the rails console.
PS:记得重启rails控制台。
回答by Richardlonesteen
You should be getting another error, like this: column 'type' is reserved for storing the class in case of inheritance. Because Column 'type' should not be used in active record database.
您应该会收到另一个错误,如下所示:“type”列保留用于在继承的情况下存储类。因为不应在活动记录数据库中使用列“类型”。
回答by Haris Krajina
I do not use whitelist_attributessince use cases when I do want to allow mass-assignment are for my internal logic and usually not directly in Controller for CRUD actions. I suggest using strong params in those cases. But when you want to enable mass-assignment for specific model you do
我不使用,whitelist_attributes因为当我确实希望允许批量分配时,用例是针对我的内部逻辑,通常不直接在 Controller 中用于 CRUD 操作。我建议在这些情况下使用强参数。但是当你想为特定模型启用批量分配时
class Foo < ActiveRecord::Base
# disables mass-assigment
attr_protected
end
This basically sets attr_protectedto empty array ([])
这基本上设置attr_protected为空数组 ([])
回答by x1a4
Hereis some info on what mass assignment in Rails is, and why the protection is in place. It's pretty easy to get around when you really do want to assign a protected attribute, but it takes a couple of extra lines.
这里有一些关于 Rails 中的质量分配是什么以及为什么保护到位的信息。当你真的想分配一个受保护的属性时,很容易绕过,但它需要几行额外的行。
hassle = rota.hassles.build(:sender => user1, :receiver => user2)
hassle.type = 'sms'
hassle.save
