问题
In rails 3.2.1, I have a model:
class Player < ActiveRecord::Base
attr_accessor :password
attr_accessible :email, :password
attr_accessible :email, :password, :confirmed, :as => :admin
end
I keep getting a ActiveModel::MassAssignmentSecurity::Error
for the following:
params[:player]
#=> {:email => "some@email.com", :password => "12345", :confirmed => true)
player = Player.new(params[:player])
Why is this happening when all I want it to do is ignore the :confirmed
attribute and move on with it's business. The documentation makes it seem like I should be able to do that, but I keep getting this exception and it's really getting to me because either I am doing it wrong or the docs are wrong.
I'd love any help with this.
回答1:
Comment out this line in development.rb
:
config.active_record.mass_assignment_sanitizer = :strict
The strict setting will raise an error and the default setting will just log a warning.
回答2:
You can configure what you want to happen when a mass assignment happens by setting Player.mass_assignment_sanitizer
(or set it on ActiveRecord::Base
for it to apply to all AR models)
You can also set it in your configuration files via config.active_record.mass_assignment_sanitizer
Our of the box you can set it to either :logger
, which just logs when these things happen or :strict
which raises exceptions. You can also provide your own custom sanitizer. The current application template sets it to strict, although that used not to be the case
来源:https://stackoverflow.com/questions/9743232/rails-atttr-accesible-not-working-as-documented