问题
With Ruby 1.9.3, Rails 3.2.13, Strong_parameters 0.2.1:
I have followed every indication in tutorials and railscasts, but I can not get strong_parameters working. It should be something really simple, but I can not see where is the error.
config/initializers/strong_parameters.rb:
ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
config/application.rb
config.active_record.whitelist_attributes = false
app/models/product.rb
class Product < ActiveRecord::Base
end
app/controllers/products_controller.rb:
class ExpedientesController < ApplicationController
...
def create
@product = Product.new(params[:product])
if @product.save
redirect_to @product
else
render :new
end
end
end
This raises the Forbidden Attributes exception, as expected. But when I move to:
...
def create
@product = Product.new(product_params)
# and same flow than before
end
private
def product_params
params.require(:product).permit(:name)
end
Then, if I go to the form and enter "Name: product 1" and "Color: red" no exception is raised; the new product is saved in the database with no color but with the right name.
What am I doing wrong?
回答1:
Solved.
By default, the use of not allowed attributes fails silently and the so submitted attributes are filtered out and ignored. In development and test environments the error is logged as well.
To change the default behaviour, for instance in development enviroment: config/environments/development.rb:
# Raises an error on unpermitted attributes assignment
config.action_controller.action_on_unpermitted_parameters = :raise # default is :log
To be honest, is very clearly explained in the github repository.
来源:https://stackoverflow.com/questions/16541712/strong-parameters-not-working