[英]How is attr_accessible used in Rails 4?
attr_accessible
seems to no longer work within my model. attr_accessible
似乎不再适用于我的模型。
What is the way to allow mass assignment in Rails 4?在 Rails 4 中允许批量分配的方法是什么?
Rails 4 now uses strong parameters . Rails 4现在使用强参数 。
Protecting attributes is now done in the controller. 现在,在控制器中完成保护属性。 This is an example:
这是一个例子:
class PeopleController < ApplicationController
def create
Person.create(person_params)
end
private
def person_params
params.require(:person).permit(:name, :age)
end
end
No need to set attr_accessible
in the model anymore. 无需
attr_accessible
在模型中设置attr_accessible
。
accepts_nested_attributes_for
accepts_nested_attributes_for
In order to use accepts_nested_attribute_for
with strong parameters, you will need to specify which nested attributes should be whitelisted. 要使用带有强参数的
accepts_nested_attribute_for
,您需要指定哪些嵌套属性应列入白名单。
class Person
has_many :pets
accepts_nested_attributes_for :pets
end
class PeopleController < ApplicationController
def create
Person.create(person_params)
end
# ...
private
def person_params
params.require(:person).permit(:name, :age, pets_attributes: [:name, :category])
end
end
Keywords are self-explanatory, but just in case, you can find more information about strong parameters in the Rails Action Controller guide . 关键字是不言自明的,但为了以防万一,您可以在Rails Action Controller指南中找到有关强参数的更多信息。
Note : If you still want to use attr_accessible
, you need to add protected_attributes
to your Gemfile
. 注意 :如果您仍想使用
attr_accessible
,则需要将protected_attributes
添加到Gemfile
。 Otherwise, you will be faced with a RuntimeError
. 否则,您将面临
RuntimeError
。
If you prefer attr_accessible, you could use it in Rails 4 too. 如果你更喜欢attr_accessible,你也可以在Rails 4中使用它。 You should install it like gem:
你应该像gem一样安装它:
gem 'protected_attributes'
after that you could use attr_accessible in you models like in Rails 3 之后,您可以在Rails 3中使用attr_accessible
Also, and i think that is the best way- using form objects for dealing with mass assignment, and saving nested objects, and you can also use protected_attributes gem that way 此外,我认为这是最好的方法 - 使用表单对象来处理质量分配,保存嵌套对象,你也可以使用protected_attributes gem
class NestedForm
include ActiveModel::MassAssignmentSecurity
attr_accessible :name,
:telephone, as: :create_params
def create_objects(params)
SomeModel.new(sanitized_params(params, :create_params))
end
end
We can use 我们可以用
params.require(:person).permit(:name, :age)
where person is Model, you can pass this code on a method person_params & use in place of params[:person] in create method or else method 如果person是Model,你可以在方法person_params上传递这个代码并在create方法或者方法中代替params [:person]
1) Update Devise so that it can handle Rails 4.0 by adding this line to your application's Gemfile: 1)更新设计,以便它可以通过将此行添加到您的应用程序的Gemfile来处理Rails 4.0:
gem 'devise', '3.0.0.rc'
Then execute: 然后执行:
$ bundle
2) Add the old functionality of attr_accessible
again to rails 4.0 2)再次将
attr_accessible
的旧功能添加到rails 4.0
Try to use attr_accessible
and don't comment this out. 尝试使用
attr_accessible
,不要对此进行评论。
Add this line to your application's Gemfile: 将此行添加到应用程序的Gemfile:
gem 'protected_attributes'
Then execute: 然后执行:
$ bundle
An update for Rails 5: Rails 5的更新:
gem 'protected_attributes'
doesn't seem to work anymore. 似乎不再起作用了。 But give:
但是给:
gem 'protected_attributes_continued' gem'protected_attributes_continued'
a try. 一试。
I had to migrate a Rails app from 3.2 to 6.1 so even gem 'protected_attributes' was not an option.我不得不将 Rails 应用程序从 3.2 迁移到 6.1,所以即使 gem 'protected_attributes' 也不是一个选项。 I appreciate the arguments for using require().permit() in the controller, but I didn't want to retype or cut and paste all those attributes from the models, so I decided instead to use this initializer code (put in a file in config/initializers):
我很欣赏在控制器中使用 require().permit() 的参数,但我不想重新输入或剪切并粘贴模型中的所有这些属性,所以我决定改用这个初始化代码(放在一个文件中)在配置/初始值设定项中):
# fix attr_accessible in an initializer
# wrap ActionController::Parameters code in singleton method defined
# from attr_accessible so controller code can call class method
# to get permitted parameter list
# e.g. model: class A < ActiveRecord::Base,
# controller calls A.permit_attr(params)
# lots simpler than moving all attr_accessible definitions to controllers
# bug: fails if more than one attr_accessible statement
def (ActiveRecord::Base).attr_accessible *fields
puts "attr_accessible:"+self.name+":permitted_params fields=#{fields.inspect}"
define_singleton_method("permit_attr") { |params|
# may have subclasses where attr_accessible is in superclass
# thus must require by subclass name so should calculate require at runtime
rq = self.name.downcase.to_sym
puts "...permit_attr:self=#{rq} permit(#{fields.inspect})"
params.require(rq).permit(fields)
}
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.