ActiveAdmin ForbiddenAttributesError
我是Ruby on Rails的全新产品。 我正在使用ActiveAdmin,我在创建AdminUser时遇到问题
Admin :: AdminUsersController中的ActiveModel :: ForbiddenAttributesError #create ActiveModel :: ForbiddenAttributesError
请求
参数:
-
{ “UTF8”=> “✓”,
-
“authenticity_token”=> “NVV ++ 6GNTdA / nDzw1iJ6Ii84pZPcv2mzg0PK2Cg9Ag0 =”,
-
“admin_user”=> { “电子邮件”=> “admin2@example.com”},
-
“commit”=>“创建管理员用户”} *
Rails 4.1.0
activeadmin 1.0.0
ruby2.1
应用程序/管理/ admin_user.rb
ActiveAdmin.register AdminUser do index do column :email column :current_sign_in_at column :last_sign_in_at column :sign_in_count default_actions end form do |f| f.inputs "Admin Details" do f.input :email end f.actions end end
应用程序/模型/ admin_user.rb
class AdminUser < ActiveRecord::Base # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable after_create { |admin| admin.send_reset_password_instructions } def password_required? new_record? ? false : super end end
的Gemfile
source 'https://rubygems.org' gem 'rails', '4.1.0' gem 'sqlite3' gem 'sass-rails', '~> 4.0.3' gem 'uglifier', '>= 1.3.0' gem 'coffee-rails', '~> 4.0.0' gem 'jquery-rails' gem 'turbolinks' gem 'jbuilder', '~> 2.0' gem 'activeadmin', github: 'gregbell/active_admin' gem 'polyamorous', github: 'activerecord-hackery/polyamorous' gem 'ransack', github: 'activerecord-hackery/ransack' gem 'formtastic', github: 'justinfrench/formtastic' gem 'devise' gem 'sdoc', '~> 0.4.0', group: :doc
配置/环境/ development.rb
Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false # Do not eager load code on boot. config.eager_load = false # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load # Debug mode disables concatenation and preprocessing of assets. # This option may cause significant delays in view rendering with a large # number of complex assets. config.assets.debug = true # Adds additional error checking when serving assets at runtime. # Checks for improperly declared sprockets dependencies. # Raises helpful error messages. config.assets.raise_runtime_errors = true # Raises error for missing translations # config.action_view.raise_on_missing_translations = true # Sending emails works config.action_mailer.default_url_options = { :host => 'localhost:3000' } end
Rails 4
使用强参数,将属性白名单从模型移动到控制器。 必须指定要在数据库中保存的属性。 您没有允许代码中的属性,这就是您收到ActiveModel::ForbiddenAttributesError
。
请参阅ActiveAdmin的文档:设置强参数
您可以使用permit_params
方法以下列方式设置强参数,该方法创建名为permit_params
方法,在覆盖create
或update
操作时使用此方法:
ActiveAdmin.register AdminUser do ## ... permit_params :attr1, :attr2 ## Add this line end
将:attr1
, :attr2
等替换为要列入白名单的实际属性名称。 例如:email
您所看到的是新版Rails的安全function。 您必须为属性创建白名单,这些属性可以由用户输入的参数更新。 否则,您必须手动设置每个值。
以下是将某些参数列入白名单的示例:
ActiveAdmin.register Post do permit_params :title, :content, :publisher_id end
请参阅有关该主题的ActiveAdmin文档: https : //github.com/gregbell/active_admin/blob/master/docs/2-resource-customization.md#setting-up-strong-parameters