strong-parameters

问题 I'm trying to update a nested model with a simple has_many / belongs_to association I've setup parameters in the controller with params.require(:survey).permit(:name, :questions[[:id, :content]]) but I get the No implicit conversion of type Array to Integer console dump below. From similar issues I've read the problem may be how this :questions_attributes is hashed - no idea where this needs to be fixed tho - any ideas appreciated! Thanks Started PATCH "/surveys/1" for 127.0.0.1 at 2014-01-04

问题 We just upgraded to rails 4.1.13 from 4.0.1. We've dragged our feet at implementing strong parameters. As such, we are still using the protected_attributes gem so we can use the old behavior. Now, we are getting an ActiveModel::ForbiddenAttributesError . I do not understand why, since we are using the protected_attributes gem.. 回答1: You can basically use the following code snippet to mark attributes safe for mass assignment other than the id attribute of your model attr_protected :id Please

问题 Depending on which submit button a user selects, ( Cat and Dog in this case), I'd like to submit the form to the right controller action using the right http verb. In this case, there is one text input. If the user presses Cat I'd like to POST to Cats#create and if Dog to PUT to Dogs#update . How would I build the form? Edit Using the formaction attribute I'm able to PUT to Dogs#update <%= form_for(cat) do |f| %> <div class="field"> <%= f.label :name %> <%= f.text_field :name %> </div> <div

问题 I have tried all of the solutions to similar problems and haven't gotten this one figured out. I have a has_many :through relationship between 'Clinician', and 'Patient' with a joined model 'CareGroupAssignment'. I would like to have a patient be able to have multiple clinicians associated with it and clinicians will have multiple patients . When I submit my form this is logged: Started POST "/patients" for 127.0.0.1 at 2015-09-02 14:56:38 -0700 Processing by PatientsController#create as HTML

问题 I am using rails 4 with strong parameters and trying to figure out how to set the strong parameters to not allow any attribute with the parameter. I read this Rails 4 Strong parameters : permit all attributes? And would like to do the opposite of that. params.require(:user).permit! would permit all attributes, how could I do the opposite? UPDATE THIS IS MY FULL CODE: in app/controllers/application_controller.rb class ApplicationController < ActionController::Base # Prevent CSRF attacks by

问题 Newbie to rails here, so bear with me. New app on Rails 4 with ruby 2.0, I installed Devise and followed the instructions(default root, etc). Devise readme on github says it should be compatible with rails4 but db:migrate failed unless I commented out attr_accessible line in User.rb After commenting that out, I get "ActiveModel::ForbiddenAttributesError in Devise::RegistrationsController#create" error in trying to create a user. I see some stack overflow questions like this, but a lot of the

问题 I have a situation where I am getting the error Unpermitted parameter: incorporation however I have it listed in the strong params: def company_params params.require(:company).permit(:id, :name, :employee_stock_options, :options_pool, :state_corp, :street, :city, :state, :zip, :_destroy, incorporation_attributes: [:title, :trademark_search, :user_id, :employee_stock_options, :final_submit, :submit, :_destroy], names_attributes: [:id, :name_string, :suffix, :approved, :snapshot, :company_id, :

问题 I'm trying to update a users' attributes. All of the attributes are either strings or integers but I have one signature field which is a JSON object. Here are my params from the log: {"first_name"=>"Jackson", "last_name"=>"Cunningham", "email"=>"jackson@gmail.com", "phone"=>"", "address"=>"", "city"=>"", "province"=>""}, "signature"=>"[{\"lx\":80,\"ly\":4,\"mx\":80,\"my\":3},{\"lx\":78,\"ly\":3,\"mx\":80,\"my\":4},{\"lx\":72,\"ly\":4,\"mx\":78,\"my\":3}, {\"lx\":67,\"ly\":5,\"mx\":72,\"my\":4

问题 I am trying to attach nested fields in register process with devise gem. I want to create video that belongs to User after User creation in one request. Form sends post to create method from registrations_controller.rb and it fails at sign_up params new.html.erb <%= form_for(resource, as: resource_name, url: registration_path(resource_name), remote: true) do |f| %> <input name="authenticity_token" type="hidden" value="<%= form_authenticity_token %>"/> <div data-behavior="devise-error-messages

问题 I've been looking around and trying to see how I would handle mass-assignment with Rails 4. I know this question has been beaten to death, but from my search, I've only come across answers that require the protected_attributes gem and attr_accessible. Now I'm not sure if that is still the industry standard on this, so I wanted to ask. I'm using Rails 4.0.1 and I am trying to figure out how I can limit specific parameter updates to admin accounts only. Here are the parameters: :title, :summary