[英]Nested attributes on Rails: Can't mass-assign protected attributes
I've been stuck on getting nested attributes to work on Rails 3.2.14 for a while and having looked at many examples I still can't seem to get it to work. 我一直想让嵌套属性在Rails 3.2.14上工作一段时间,并且查看了许多示例后,我似乎仍然无法使其工作。 At the moment when I try to submit the form I get the following error:
当我尝试提交表单时,出现以下错误:
ActiveModel::MassAssignmentSecurity::Error in Admin::CategoriesController#create
Can't mass-assign protected attributes: products, category_departments
Here's my code: 这是我的代码:
class Category < ActiveRecord::Base
extend FriendlyId
friendly_id :category_name, use: :slugged
attr_accessible :category_name, :products_attributes, :slug, :department_id, :category_departments_attributes
has_many :products
has_many :category_departments
has_many :departments, :through => :category_departments
validates_presence_of :category_name
accepts_nested_attributes_for :products
accepts_nested_attributes_for :category_departments
scope :department_category, lambda {|department| joins(:department, :products).where("departments.department_name" => department ) }
end
Controller: 控制器:
class Admin::CategoriesController < ApplicationController
def new
@category = Category.new
@category.products.build
@category.category_departments.build
end
def create
@category = Category.new(params[:category])
if @category.save
redirect_to admin_products_path
else
flash.now[:error] = "Could not save the category"
render "new"
end
end
Form-view So I finally solved this by removing the products fields_for and allowing the department to be selected from the products creation page. 表单视图因此,我最终通过删除产品fields_for并允许从产品创建页面中选择部门来解决此问题。
Form:-
<h1> Create a Category </h1>
<%= form_for :category, :url => { :action => "create" }, :method => :post do |f| %>
<%= render :partial => 'form_category', :locals => {:f => f} %>
<% end %>
Partial:-
<div class="category-form-update">
<form class="form-horizontal">
<div class="control-group">
<label class="control-label">
<%= f.label :category_name %>
</label>
<div clas="controls">
<%= f.text_field :category_name %>
</div>
</div>
<div class="control-group">
<%= f.fields_for :category_departments do |builder| %>
<label class="control-label">
<%= builder.label :department, "Department" %>
</label>
<div class="controls">
<% department = Department.all.map { |dep| [dep.department_name.capitalize, dep.id] } %>
<%= builder.select(:department_id ,options_for_select(department)) %>
<% end %>
</div>
</div>
<div class="control-group">
<div class="controls">
<button class="btn">
<%= f.submit %>
</button>
</div>
</div>
</div>
What am I not doing correctly here? 我在这里做什么不正确?
I think this is as easy as adding :products
and :category_departments
to attr_accessible
like so: 我认为这就像在
attr_accessible
添加:products
和:category_departments
一样简单:
class Category < ActiveRecord::Base
extend FriendlyId
friendly_id :category_name, use: :slugged
attr_accessible :category_name, :products_attributes, :slug, :department_id, :category_departments_attributes, :products, :category_departments
...
Without checking the internals, I assume this is necessary because the nested_attributes magic uses the :products_attributes
to populate :products
. 在不检查内部的情况下,我认为这是必要的,因为nested_attributes魔术使用
:products_attributes
来填充:products
。
EDIT: 编辑:
This only revealed the actual issue which is the nested attribute naming magic didn't kick in and name the fields properly. 这仅揭示了实际的问题,即嵌套属性命名魔术没有起作用并没有正确命名字段。 My guess is the form_for doesn't have the category object as a parameter.
我的猜测是form_for没有类别对象作为参数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.