[英]How to avoid “Can't mass-assign protected attributes” error
Even though I added accepts_nested_attributes_for to my model. 即使我将accepts_nested_attributes_for添加到我的模型中。
it still says "Can't mass-assign protected attributes" 它仍然说“无法批量分配受保护的属性”
What else am I supposed to do in order to avoid this??? 我还应该做些什么才能避免这种情况?
models/user.rb 车型/ user.rb
class User < ActiveRecord::Base
validates_presence_of :username
validates_uniqueness_of :username
validates_length_of :username, :within => 4..10
acts_as_messageable
has_one :user_profile
accepts_nested_attributes_for :user_profile
# Include default devise modules. Others available are:
# :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me, :username, :user_profile_attributes
def mailboxer_email(message)
email
end
# def name
# email
# end
end
models/user_profile.rb 车型/ user_profile.rb
class UserProfile < ActiveRecord::Base
belongs_to :user
accepts_nested_attributes_for :user
attr_accessible :nickname
end
views/registration/edit.html.erb 视图/注册/ edit.html.erb
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<div class="field">
<%= f.label :nickname %><br />
<%= f.fields_for :nickname_attributes, @user.user_profile do |user_profile| %>
<%= user_profile.text_field :nickname %>
<% end %>
</div>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
<%= f.password_field :current_password %></div>
<%= recaptcha_tags :display => {:theme => 'red'} %>
<div><%= f.submit "Update" %></div>
<% end %>
<h3>Cancel my account</h3>
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
<%= link_to "Back", :back %>
attr_accessible
defines the attributes you want the user to be able to mass assign. attr_accessible
定义了您希望用户能够批量分配的属性。 Just make sure it has all the attributes you want in there. 只需确保它具有您想要的所有属性。
To be fair, you can remove attr_accessible
if you don't care about it and the error will disappear (but all your model fields will be mass assignable). 公平地说,如果您不关心它,可以删除
attr_accessible
,并且错误将消失(但所有模型字段都是可批量分配的)。
in edit.html.erb 在edit.html.erb中
wrong: 错误:
f.fields_for :nickname_attributes,
correct: 正确:
f.fields_for :user_profile_attributes,
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.