2016-07-25

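Rails 5 Unpermitted parameter: organization

I am getting the error Unpermitted parameter: organization when submitting the registration form for my user. I am using the "auth from scratch" variant, not Devise. Here is my code: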

user.rb

class User < ApplicationRecord 
    belongs_to :organization 
    has_secure_password 
end 

organization.rb

class Organization < ApplicationRecord 
    has_many :users 
    has_many :tasks 
    accepts_nested_attributes_for :users 
end 

users_controller.rb

class UsersController < ApplicationController
    def new
        @user = User.new
        @organization = Organization.new
    end

    def create
        @user = User.new(user_params)
        @user.build_organization(user_params[:organization_attributes])
        if @user.save
            session[:user_id] = @user.id
            redirect_to root_url, notice: "Thank you for signing up!"
        else
            render "new"
        end
    end

    private

    # Use callbacks to share common setup or constraints between actions.
    def set_user
        @user = User.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def user_params
        params.require(:user).permit(:email, :password, :password_confirmation, :admin,
            organization_attributes: :name)
    end
end

new.html.erb

<h1>Sign Up</h1>

<%= form_for @user do |f| %>
    <% if @user.errors.any? %>
        <div class="error_messages">
            <h2>Form is invalid</h2>
            <ul>
                <% @user.errors.full_messages.each do |message| %>
                    <li><%= message %></li>
                <% end %>
            </ul>
        </div>
    <% end %>

    <div class="field">
        <%= f.label :email %><br />
        <%= f.text_field :email %>
    </div>
    <div class="field">
        <%= f.fields_for :organization do |org| %>
            <%= 'Organization or Company Name' %><br />
            <%= org.text_field :name %>
        <% end %>
    </div>
    <div class="field">
        <%= f.label :password %><br />
        <%= f.password_field :password %>
    </div>
    <div class="field">
        <%= f.label :password_confirmation %><br />
        <%= f.password_field :password_confirmation %>
    </div>
    <div class="field">
        <%= f.label :admin %><br />
        <%= f.check_box :admin %>
    </div>
    <div class="actions"><%= f.submit "Sign Up" %></div>
<% end %>

Here is a peek at the console on submit...

Processing by UsersController#create as HTML 
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"lhzxsTF43PiGKwMXly/fufGoVNEMUgqymwtMkhCkNtmolArIqbUjuo/qxYUVpFxIfaB4qVV2sumDqa5O2ggLbA==", "user"=>{"email"=>"[email protected]", "organization"=>{"name"=>"myOrg"}, "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "admin"=>"0"}, "commit"=>"Sign Up"} 
Unpermitted parameter: organization 
Unpermitted parameter: organization 
    (0.1ms) begin transaction 
    SQL (0.3ms) INSERT INTO "organizations" ("created_at", "updated_at") VALUES (?, ?) [["created_at", 2016-07-25 15:39:56 UTC], ["updated_at", 2016-07-25 15:39:56 UTC]] 
    SQL (0.1ms) INSERT INTO "users" ("email", "password_digest", "organization_id", "created_at", "updated_at") VALUES (?, ?, ?, ?, ?) [["email", "[email protected]"], ["password_digest", "$2a$10$MEEXO6bU9FGwMv3WOvdYheL.1iGhx4eeDVo67qp.OPmh1BJHs0z0G"], ["organization_id", 10], ["created_at", 2016-07-25 15:39:56 UTC], ["updated_at", 2016-07-25 15:39:56 UTC]] 
    (0.7ms) commit transaction 
Redirected to http://localhost:3000/ 
Completed 302 Found in 64ms (ActiveRecord: 1.1ms) 

I think the root of the problem is that the parameter is submitted as "organization"=>{"name"=>"myOrg"}, when it should be organization_attributes?

Answers

Your guess is correct, but there are a few other issues.

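  1. As you mentioned, change the strong_params option to organization_attributes.
  2. You have accepts_nested_attributes backwards. Since you are creating the user with user_params, your User model needs accepts_nested_attributes :organization, and Organization does not need it (unless you use it elsewhere).
  3. Once the models are adjusted, you do not need to explicitly build the organization via @user.build_organization(user_params[:organization_attributes]). That line can be removed.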

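Finally, I just want to point out that you may not want to allow the admin flag to be passed in, as this could be a security risk. Obviously I don't know your app, but I just wanted to mention it.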

Thanks phoffer, that was 'mostly' it. I switched accept_nested_attributes in the models and changed f.fields_for :organization to f.fields_for :organization_attributes in the form/view, and it works fine. – Lumbee
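
An added example, not part of the original question or answer: a plain-Ruby sketch of allowlist filtering in the style of strong parameters (a simplified stand-in, not Rails' implementation). It shows why the posted "organization" key is dropped while "organization_attributes" passes, and that leaving :admin off the sign-up allowlist keeps the flag away from the model; filter_params, SIGNUP_ALLOWLIST and the payloads are names and data constructed for illustration.

```ruby
# Simplified stand-in for strong-parameter filtering (NOT Rails' own code).
# allowlist: scalar keys, plus an optional trailing hash that maps a nested
# key to the list of keys allowed inside it.
def filter_params(params, allowlist)
  nested  = allowlist.last.is_a?(Hash) ? allowlist.last : {}
  scalars = allowlist.reject { |k| k.is_a?(Hash) }.map(&:to_s)
  permitted = {}
  rejected  = []
  params.each do |key, value|
    if value.is_a?(Hash) && nested.key?(key.to_sym)
      inner, inner_rejected = filter_params(value, Array(nested[key.to_sym]))
      permitted[key] = inner
      rejected.concat(inner_rejected.map { |k| "#{key}.#{k}" })
    elsif !value.is_a?(Hash) && scalars.include?(key)
      permitted[key] = value            # scalar key with a scalar value
    else
      rejected << key                   # not allowlisted, or wrong shape
    end
  end
  [permitted, rejected]
end

# Sign-up allowlist (assumption): no :admin, so a public form cannot set it.
SIGNUP_ALLOWLIST = [:email, :password, :password_confirmation,
                    { organization_attributes: [:name] }].freeze

# Constructed payloads modelled on the request log in the question.
AS_POSTED = {
  "email" => "user@example.test",
  "organization" => { "name" => "myOrg" },     # key the original form sent
  "password" => "s3cret", "password_confirmation" => "s3cret",
  "admin" => "1"                               # value supplied by the client
}.freeze
AS_FIXED = AS_POSTED.reject { |k, _| k == "organization" }
                    .merge("organization_attributes" => { "name" => "myOrg" })
                    .freeze

# Returns [permitted, rejected] for both payload shapes.
def demo
  { posted: filter_params(AS_POSTED, SIGNUP_ALLOWLIST),
    fixed:  filter_params(AS_FIXED, SIGNUP_ALLOWLIST) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (ok, dropped)| puts "#{name}: kept=#{ok.keys} dropped=#{dropped}" }
end
```

If administrators must be created through the application, a separate allowlist used only by an authorized admin-only action can include the flag.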