Rails 4 - 从受保护的属性切换到强参数
[英]Rails 4 - Switching from protected attributes to strong parameters
问题描述
I followed the rails cast tutorial for user authentication/registration/login which apparently has an outdated method of using the gem protected attributes.
我遵循了用户身份验证/注册/登录的rails cast 教程,该 教程显然具有使用 gem 保护属性的过时方法。 I found that it's necessary to switch to strong parameters and did so by following this method .我发现有必要切换到强参数并按照此方法进行操作。
I had to delete the attr_accessible code from my user.rb model (commented out below) and was wondering if there's anything else I should do instead of just defining user params within the controller.我不得不从我的 user.rb 模型中删除attr_accessible代码(在下面注释掉)并且想知道是否还有什么我应该做的而不是仅仅在控制器中定义用户参数。 Should there be attr_accessors for the user's fields (email, password, location) now that I don't have the attr_accessible or is this unnecessary?既然我没有 attr_accessible,用户的字段(电子邮件、密码、位置)是否应该有 attr_accessors 或者这是不必要的? I'm new to rails and do not fully understand the proper necessities for user authentication.我是 Rails 的新手,并不完全了解用户身份验证的必要条件。
user.rb用户名
class User < ActiveRecord::Base
#attr_accessible :email, :password, :password_confirmation, :location
attr_accessor :password, :location
before_save :encrypt_password
validates_confirmation_of :password
validates_presence_of :password, :on => :create
validates_presence_of :email
validates_uniqueness_of :email
def self.authenticate(email, password)
user = find_by_email(email)
if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
user
else
nil
end
end
def encrypt_password
if password.present?
self.password_salt = BCrypt::Engine.generate_salt
self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
end
end
end
user_controller.rb用户控制器.rb
class UsersController < ApplicationController
def new
@user = User.new
end
def create
@user = User.new(user_params)
if @user.save
redirect_to root_url, :notice => "Signed up!"
else
render "new"
end
end
#add thing from https://stackoverflow.com/a/19130224/2739431
private
def user_params
params.require(:user).permit(:email, :password, :password_confirmation, :location)
end
end
2 个解决方案
解决方案1
1 已采纳 2014-03-30 17:56:47
The answer is relatively simple.答案相对简单。
Remember that statement when you first started learning Ruby: "In Ruby, everything is an object" .记住你刚开始学习 Ruby 时的那句话: “在 Ruby 中,一切都是对象” 。 Objects have methods, and to access an objects property you need an accessor method.对象有方法,要访问对象属性,您需要一个accessor方法。
The attr_accessor is a Ruby method that generates accessor methods for a given instance variable (checkattr_reader andattr_writer ). attr_accessor是一个 Ruby 方法,它为给定的实例变量生成访问器方法(检查attr_reader和attr_writer )。
So your question actually is whether you need to access those properties, outside the Model .所以你的问题实际上是你是否需要在Model之外访问这些属性。
And I think this answeres your question.我认为这回答了你的问题。
Important note : attr_accessible is not a Ruby method.重要说明: attr_accessible不是 Ruby 方法。 It's a Rails method that allows you to pass in values to Models for a mass assignment: new(attrs) or update_attributes(attrs) .这是一个 Rails 方法,允许您将值传递给模型以进行批量分配: new(attrs)或update_attributes(attrs) 。
解决方案2
1 2014-03-30 18:05:52
Should there be attr_accessors for the user's fields (email, password, location) now that I don't have the attr_accessible or is this unnecessary?
It's unnecessary.这是不必要的。 ActiveRecord automatically creates writers and readers for model fields – that's why you can use methods like user.email and user.email = outside of User class. ActiveRecord 自动为模型字段创建作者和读者——这就是为什么你可以在 User 类之外使用user.email和user.email =等方法。
attr_accessor :password, :location – I guess these are database fields, right? attr_accessor :password, :location – 我猜这些是数据库字段,对吗? You can remove this line, too.您也可以删除此行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.