With Ruby 1.9.3, Rails 3.2.13, Strong_parameters 0.2.1:
I have followed every indication in tutorials and railscasts, but I cannot get strong_parameters working. It should be something really simple, but I cannot see where the error is.
config/initializers/strong_parameters.rb:

    ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)

config/application.rb:

    config.active_record.whitelist_attributes = false

app/models/product.rb:

    class Product < ActiveRecord::Base
    end

app/controllers/products_controller.rb:

    class ProductsController < ApplicationController
      # ...
      def create
        # Raw params passed straight to the model: mass assignment
        @product = Product.new(params[:product])
        if @product.save
          redirect_to @product
        else
          render :new
        end
      end
    end

This raises the Forbidden Attributes exception, as expected. But when I move to:

      # ...
      def create
        @product = Product.new(product_params)
        # and the same flow as before
      end

      private

      def product_params
        params.require(:product).permit(:name)
      end

Then, if I go to the form and enter "Name: product 1" and "Color: red" no exception is raised; the new product is saved in the database with no color but with the right name.
What am I doing wrong?
Solved.
By default, the use of attributes that are not allowed fails silently, and the attributes submitted this way are filtered out and ignored. In development and test environments the error is logged as well.
To change the default behaviour, for instance in the development environment: config/environments/development.rb:
To be honest, it is very clearly explained in the GitHub repository.
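
The three outcomes described in the answer (silent filtering, filtering with a log entry, and raising), shown on the form data from the question. This is an added example, not part of the original post and not the strong_parameters gem's code: `MiniParams` and `UnpermittedError` are hypothetical stand-ins, and the mode values mirror the gem's `config.action_controller.action_on_unpermitted_parameters` setting (`:log` or `:raise`).

```ruby
require 'logger'
require 'stringio'

# Simplified stand-in for the gem's parameter filtering (not its real code).
class UnpermittedError < StandardError; end

class MiniParams
  # mode: nil = drop silently, :log = drop and log, :raise = reject.
  def initialize(hash, mode: nil, logger: nil)
    @hash, @mode, @logger = hash, mode, logger
  end

  # Like params.require(:product): fail if the nested hash is missing.
  def require(key)
    value = @hash.fetch(key.to_s) { raise KeyError, "missing param: #{key}" }
    MiniParams.new(value, mode: @mode, logger: @logger)
  end

  # Like .permit(:name): keep whitelisted keys, then act on the rest.
  def permit(*allowed)
    allowed = allowed.map(&:to_s)
    extra = @hash.keys - allowed
    unless extra.empty?
      raise UnpermittedError, "unpermitted: #{extra.join(', ')}" if @mode == :raise
      @logger.warn("Unpermitted parameters: #{extra.join(', ')}") if @mode == :log && @logger
    end
    @hash.select { |key, _| allowed.include?(key) }
  end
end

# Constructed request body matching the form in the question.
FORM = { 'product' => { 'name' => 'product 1', 'color' => 'red' } }.freeze

def filtered(mode, logger = nil)
  MiniParams.new(FORM, mode: mode, logger: logger).require(:product).permit(:name)
end

def demo
  log = StringIO.new
  result = { silent: filtered(nil), logged: filtered(:log, Logger.new(log)) }
  result[:raised] = begin
    filtered(:raise)
  rescue UnpermittedError => e
    e.message
  end
  result.merge(log: log.string)
end

p demo if __FILE__ == $PROGRAM_NAME
```

In every mode the unpermitted `color` never reaches the model; the setting only decides whether the extra key is dropped quietly, recorded, or turned into an error.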