【发布时间】:2014-09-21 02:04:05
【问题描述】:
我在我的控制器中使用它:
def step_params
params.require(@type.underscore.to_sym).permit(
:id, :name, :note, :position, :institution_id, :protocol_id, :sequence_id,:orientation_id,
step_item_attributes: [:id, :note, :name, :position, :institution_id, :sequence_id, :orientation_id, :_destroy ],
step_list_attributes: [:id, :note, :name, :position, :institution_id, :sequence_id, :orientation_id, :_destroy ])
end
并在提交具有嵌套属性的表单后在服务器日志中看到:
Processing by StepsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"Xm6oMMJ2PLXhHfKS1RkIzG5LrCUAY6vLOF+e9XHgBE4=", "step_list"=>{"name"=>"bob bob", "note"=>"", "step_items_attributes"=>{"1411264481612"=>{"name"=>"", "orientation_id"=>"1", "sequence_id"=>"1", "note"=>"a note", "_destroy"=>"false"}}}, "commit"=>"Create Step list", "type"=>"StepList"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 ORDER BY "users"."id" ASC LIMIT 1
Unpermitted parameters: step_items_attributes
(0.1ms) begin transaction
SQL (0.7ms) INSERT INTO "steps" ("created_at", "institution_id", "name", "note", "updated_at") VALUES (?, ?, ?, ?, ?) [["created_at", "2014-09-21 01:54:49.736556"], ["institution_id", 18], ["name", "bob bob"], ["note", ""], ["updated_at", "2014-09-21 01:54:49.736556"]]
(37.5ms) commit transaction
Redirected to http://localhost:3000/steps/54
Completed 302 Found in 47ms (ActiveRecord: 38.7ms)
在我看来像“未经许可的参数:step_items_attributes”
... 是问题所在。
为什么我的 permit 方法不允许 step_items_attributes 哈希?我怎么能弄清楚其他符号可能会起作用?
【问题讨论】:
标签: forms ruby-on-rails-4 parameters sti whitelist