我有两个模型类,患者和处方,用belongs_to的关系:的Rails 3:形式传递belongs_to的领域,不能大规模指派保护属性
class Prescription
belongs_to :patient
...
我有创造新处方形式对象,我希望它得到一个隐藏字段病人:
<%= form_for(@prescription) do |f| %>
...
<%= f.hidden_field :patient_id, :value => @patient.id %>
...
在处方控制器我要创建使用我从形式得到了PARAMS新的处方:
def create
@prescription = Prescription.new(params[:prescription])
...
有些东西不起作用。我可以将日志病人ID在PARAMS传递中所看到的,但它是没有得到插入到数据库:
Started POST "/prescriptions" for 127.0.0.1 at 2011-05-13 14:59:00 +0200 Processing by PrescriptionsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"h3rizbBoW069EfvQf6NyzH53k+g4o4XO61jeZ/GF6t0=", "prescription"=>{"medicine_name"=>"w", "dispense_date(1i)"=>"2011", "dispense_date(2i)"=>"5", "dispense_date(3i)"=>"13", "days_supply"=>"2", "patient_id"=>"1"}, "commit"=>"Create Prescription"} WARNING: Can't mass-assign protected attributes: patient_id Patient Load (0.2ms) SELECT "patients".* FROM "patients" WHERE "patients"."id" IS NULL LIMIT 1 AREL (0.4ms) INSERT INTO "prescriptions" ("medicine_name", "dispense_date", "days_supply", "patient_id", "created_at", "updated_at") VALUES ('w', '2011-05-13', 2, NULL, '2011-05-13 12:59:00.690434', '2011-05-13 12:59:00.690434')
什么是对大众指派保护属性的警告信息是什么意思?我该如何更改代码才能使用?
阅读有关批量分配漏洞的信息:http://guides.rubyonrails.org/security.html – 2013-05-01 06:46:48