ActiveModel :: MassAssignmentSecurity ::错误：无法批量分配受保护的属性

Question

If I try to execute the following code:

hassle = rota.hassles.create(:sender => user1, :receiver => user2, :type => "sms")

I obain the following error:

Failure/Error: hassle = rota.hassles.create(:sender => user1, :receiver => user2, :type => "sms")
 ActiveModel::MassAssignmentSecurity::Error:
   Can't mass-assign protected attributes: type

I am not sure what this means. I have made the :type to be compulsory, so if I do remove it, I get an sql error.

Answer 1

A couple things:

Mass Assignment usually means passing attributes into the call that creates an object as part of an attributes hash . That is, you pass a bunch of attributes in a hash into the call that creates the new object. For example:

@user = User.create({:name => "My name", :user_type => "nice_user"})

However, Rails includes some basic security rules that mean not all attributes can be assigned that way by default . You have to specify which ones can beforehand. You do so like this:

class User < ActiveRecord::Base
  attr_accessible :name, :user_type
end

If you don't specify an attribute is attr_accessible , and you pass it in to create the object, you get the error you posted.

Here are more details:

http://api.rubyonrails.org/v3.2.9/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html

The alternative is to set some of the attributes when you first create the record, and set others after -- like so:

# In this example `user_type` is not attr_accessible so it needs to be set specifically
@user = User.create({:name => "My name"})
@user.user_type = "nice_user"
@user.save

In addition, if you're having issues with using the column name type because rails is getting confused and thinks you want to use Single Table Inheritance (STI), check the answer to this question to see how to get around it: http://guides.rubyonrails.org/

Answer 2

Are you working with Rails 3.2 while following a 3.1 tutorial such as the Pragmatic Programmer's "Agile Web Development with Rails" 4th edition? Then check http://guides.rubyonrails.org/3_2_release_notes.html .

Your problem is that from Rails 3.1 to 3.2 checking of mass assignment protection for Active Record models is set to 'strict' by default. Comment out the appropriate lines in these files:

config/environments/development.rb
config/environments/test.rb

... and you're good to go on learning. Remember to leave this in effect when coding your first production application :)

Answer 3

1. Please try: open config/application.rb

2. Locate the line of config.active_record.whitelist_attributes = true

3. Change true to false

Then you shall be fine.

PS: remember to restart the rails console.

Answer 4

You should be getting another error, like this: column 'type' is reserved for storing the class in case of inheritance. Because Column 'type' should not be used in active record database.

Answer 5

I do not use whitelist_attributes since use cases when I do want to allow mass-assignment are for my internal logic and usually not directly in Controller for CRUD actions. I suggest using strong params in those cases. But when you want to enable mass-assignment for specific model you do

class Foo < ActiveRecord::Base
  # disables mass-assigment
  attr_protected
end

This basically sets attr_protected to empty array ([])

Answer 6

Here is some info on what mass assignment in Rails is, and why the protection is in place. It's pretty easy to get around when you really do want to assign a protected attribute, but it takes a couple of extra lines.

hassle = rota.hassles.build(:sender => user1, :receiver => user2)
hassle.type = 'sms'
hassle.save