I'm having "ForbiddenAttributesError" in my Rails 4 application. What am I missing here?
Also the problem is, why "examination_id" parameter isn't sent to the request?
Request
Started POST "/examinations/1/participations" for 127.0.0.1 at 2014-03-26 10:47:01 +0200
Processing by ParticipationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"EuGZIXKJE9a1It6Ema5t+g07vXngQoqPMV5qQBfekfg=", "participation"=>{"user_id"=>"1", "examination_id"=>"", "language_preference"=>"İngilizce", "exam_center_preference"=>"1", "disability"=>"0"}, "commit"=>"Sınava Başvur", "examination_id"=>"1"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 ORDER BY "users"."id" ASC LIMIT 1
Examination Load (0.2ms) SELECT "examinations".* FROM "examinations" WHERE "examinations"."id" = ? LIMIT 1 [["id", "1"]]
Completed 500 Internal Server Error in 5ms
ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):
app/controllers/participations_controller.rb:37:in `create'
Routes.rb
resources :examinations do
resources :participations
end
Participation.rb
class Participation < ActiveRecord::Base
belongs_to :user
belongs_to :examination
end
Examination.rb
class Examination < ActiveRecord::Base
has_many :participations
has_many :users, :through => :participations
has_many :exam_fees, dependent: :destroy
has_many :exam_languages, dependent: :destroy
end
participations_controller.rb
#encoding: utf-8
class ParticipationsController < ApplicationController
before_filter :authenticate_user!
before_action :set_participation, only: [:show, :edit, :update, :destroy]
before_filter :get_examination
def get_examination
#examination = Examination.find(params[:examination_id])
end
# GET /participations
# GET /participations.json
def index
#participations = #examination.participations
end
# GET /participations/1
# GET /participations/1.json
def show
#participation = #examination.participations.find(params[:id])
end
# GET /participations/new
def new
#participation = Participation.new
end
# GET /participations/1/edit
def edit
end
# POST /participations
# POST /participations.json
def create
#participation = #examination.participations.new(params[:participation])
#participation.user = current_user
respond_to do |format|
if #participation.save
redirect_to #examination
format.html { redirect_to [#examination, #participation], notice: 'Sınav Katılımınız Oluşturuldu!' }
format.json { render action: 'show', status: :created, location: [#examination, #participation] }
else
render 'new'
format.html { render action: 'new' }
format.json { render json: #participation.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /participations/1
# PATCH/PUT /participations/1.json
def update
respond_to do |format|
if #participation.update(participation_params)
format.html { redirect_to [#examination, #participation], notice: 'Sınav Katılımını Güncellendi!' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #participation.errors, status: :unprocessable_entity }
end
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_participation
#participation = Participation.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def participation_params
params.require(:participation).permit(:user_id, :examination_id, :payment_status, :language_preference, :exam_center_preference, :disability)
end
end
/views/participations/_form.html.erb
<%= simple_form_for([#examination, #participation]) do |f| %>
<%= f.error_notification %>
<fieldset>
<legend>Sınav Katılımı</legend>
<%= f.input :user_id, :as => :hidden, :input_html => { :value => current_user.id } %>
<%= f.input :examination_id, as: :hidden %>
<%= f.input :language_preference, collection: ["Türkçe", "İngilizce", "Rusça"], label: 'Sınav Dili Tercihi' %>
<%= f.input :exam_center_preference, collection:ExamCenter.all, label_method: :city, as: :select, label: 'Sınav Merkezi Tercihi' %>
<%= f.input :disability, inline_label: 'Yardımcı İstiyorum', label: false %>
<%= f.button :submit, "Sınava Başvur" %>
</fieldset>
<% end %>
In order to assign parameters in Rails 4 to object, you should use strong parameters 'syntax' implemented in your participation_params method, instead of passing params directly. So change line:
#participation = #examination.participations.new(params[:participation])
to:
#participation = #examination.participations.new(participation_params)
Since you create your Participation record through association, you don't really need examination_id param in this controller. What's more, if you allow this parameter, it becomes easy to assign Participation to Examination other than from which context you create Participation, which I doubt to be desirable. So I guess you should remove examination_id both from fields in your form and from participation_params method.
Related
I'm trying to create clinics associated to the current user. But when I hit submit, I get this error.
I'm using devise, rails admin and cancancan. I don't know if any of these could be causing the error, or something else is wrong.
ActiveModel::ForbiddenAttributesError in ClinicsController#create
ActiveModel::ForbiddenAttributesError
user.rb
class User < ApplicationRecord
has_many :clinics, dependent: :destroy
accepts_nested_attributes_for :clinics, reject_if: :all_blank, allow_destroy: true
end
clinic.rb
class Clinic < ApplicationRecord
belongs_to :user
end
clinics_controller.rb
class ClinicsController < ApplicationController
before_action :set_clinic, only: [:show, :edit, :update, :destroy]
def index
#clinic = Clinic.all
#user = current_user
end
def show
#clinic = Clinic.find(params[:id])
#user = current_user
end
def edit
#clinic = Clinic.find(params[:id])
end
def new
#clinic = current_user.clinics.new
end
def create
#clinic = current_user.clinics.new(params[:clinic])
respond_to do |format|
if #clinic.save
format.html { redirect_to #clinic, notice: 'Clinic was successfully created.' }
format.json { render :show, status: :created, location: #clinic }
else
format.html { render :new }
format.json { render json: #clinic.errors, status: :unprocessable_entity }
end
end
end
def update
respond_to do |format|
if #clinic.update(params[:clinic])
format.html { redirect_to #clinic, notice: 'Clinic was successfully updated.' }
format.json { render :show, status: :ok, location: #clinic }
else
format.html { render :edit }
format.json { render json: #clinic.errors, status: :unprocessable_entity }
end
end
end
def destroy
#clinic.destroy
respond_to do |format|
format.html { redirect_to clinics_url, notice: 'Clinic was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_clinic
#clinic = Clinic.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
params.require(:user)
.permit(:first_name, :last_name, :email, :password, :password_confirmation, :phone,
:practitioner_image,
:clinic_logo,
clinic_images: [],
profession_ids: [],
speciality_ids: [],
services_attributes: [:id, :description, :name, :duration, :price, :_destroy],
educations_attributes: [:id, :name, :place, :year, :_destroy],
membership_ids: [],
awards_attributes: [:id, :name, :year, :_destroy],
clinics_attributes: [:id, :clinic_name, :clinic_address, :clinic_zip_code, :clinic_municipality, :clinic_about, :clinic_mail, :clinic_phone, :clinic_website, :clinic_city, :_destroy,
practitioners_attributes: [:id, :public_health_insurance, :practitioner_gender, :practitioner_first_name, :practitioner_last_name, :practitioner_description, :practitioner_mail, :practitioner_phone, :practitioner_website, :_destroy]])
end
end
new.html.erb
<div id="ClinicGenerel" class="TabBlock">
<div class="content">
<div class="content clinic">
<h2 class="page-title">Generel information</h2>
<%= simple_form_for [#clinic] do |f| %>
<%= render 'clinics_fields', :f => f %>
<div class="submit-container">
<%= f.submit "Gem", :class => 'btn blue' %>
</div>
<% end %>
</div>
</div>
</div>
Log
Started POST "/clinics" for ::1 at 2020-03-09 20:35:16 +0100
Processing by ClinicsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"lkftNxR96kkoI4+m00fSevQC+dZU9KsqhvWrcWg+7RPNWd593lPj2aWBdM2vfX83k4t2WUb2LODPFJVnFwJkZg==", "clinic"=>{"clinic_name"=>"Testin", "clinic_address"=>"add", "clinic_zip_code"=>"34334", "clinic_city"=>"adsd", "clinic_municipality"=>"sadsa", "clinic_about"=>"dasds", "clinic_mail"=>"kvnana#yaoo.dk", "clinic_phone"=>"24210566", "clinic_website"=>""}, "commit"=>"Gem"}
User Load (0.8ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 96 ORDER BY `users`.`id` ASC LIMIT 1
↳ app/controllers/clinics_controller.rb:25
Completed 500 Internal Server Error in 5ms (ActiveRecord: 0.8ms)
ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):
app/controllers/clinics_controller.rb:25:in `create'
Change your new.html.erb to
<div id="ClinicGenerel" class="TabBlock">
<div class="content">
<div class="content clinic">
<h2 class="page-title">Generel information</h2>
<%= simple_form_for [#clinic] do |f| %>
<%= render 'clinics_fields', :f => f %>
<div class="submit-container">
<%= f.submit "Gem", :class => 'btn blue' %>
</div>
<% end %>
</div>
</div>
</div>
and try again.
<%= f.simple_fields_for(:clinics) do |p| %> needs to be removed since <%= f.simple_fields_for(:clinics) do |p| %> will try to loop over clinics association of clinic which doesn't exist.
From the codebase you shared, it seems you confused how to create nested relationship in a single request. i.e., Create user and clinic in single request per say in your case above.
There are couple of solution to just make it work.
Refer right parameters
Parameters: {"utf8"=>"✓", "authenticity_token"=>"1MpJgYCodgCLbJI2i5pZEjAV/a0qvJRHuLaSaim9Y3byHDAAqa4IbogbJNEzPTpyDNMRM3Wz5UFRU00CcBOYBQ==", "clinic"=>{"clinics"=>{"clinic_name"=>"My clinic", "clinic_address"=>"sdd", "clinic_zip_code"=>"343443", "clinic_city"=>"sadsasa", "clinic_municipality"=>"dsd", "clinic_about"=>"sasd", "clinic_mail"=>"kvnirva#yaho.dk", "clinic_phone"=>"24210866", "clinic_website"=>""}}, "commit"=>"Gem"}
If you look at your log, you won't find any key clinics_attributes but you are trying to get via params[:clinics_attributes] in create action which will return nil
Quick Fix: Replace params[:clinics_attributes] with params[:clinic][:clinics] in you create action
Better version is what suggested by #sahil-grover in above answer.
But you still have to understand the structure of params and adjust how you access it.
With that change you will need to replace params[:clinics_attributes] with params[:clinic] in you create action
Little better version to solution 2 is to use strong params(user_params in your case)
I think I got it working by changing #clinic = current_user.clinics.new(params[:clinic]) to #clinic = current_user.clinics.new(clinic_params) and instead of def user_params I've added this
def clinic_params
params.require(:clinic).permit(:id, :clinic_name, :clinic_address, :clinic_zip_code, :clinic_municipality, :clinic_about, :clinic_mail, :clinic_phone, :clinic_website, :clinic_city)
end
I am trying to create a nested attribute form for my Request model.
My parameters are not saving correctly when the Create action is triggered. Though in my console, the data is structured correctly for how I want it to be entered.
The :quantity attribute is on the JoinTable model of RequestDrink.
How can I white-list these parameters correctly?
Console Output
Started POST "/requests" for 127.0.0.1 at 2017-06-08 12:38:40 -0400
Processing by RequestsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"3ljcH44E7ZrEXNztlgGacyA0nyumNsTX6NyMMu9N+3SY0rCRXSsj/hsg0JP8jtVfDFkcEWOWHi/VwHrgertlLg==", "request"=>{"concierge_name"=>"Alex", "concierge_number"=>"954-123-4567", "concierge_email"=>"alex#email.com", "client_name"=>"Adam", "client_number"=>"954-765-4321", "client_email"=>"adam#email.com", "hotel_employee"=>"0", "concierge_service"=>"0", "vip_promoter"=>"0", "arriving_with_client"=>"1", "client_alone"=>"0", "males"=>"", "females"=>"1", "table_minimum"=>"1000", "event_date_id"=>"1", "arrival_time(1i)"=>"2017", "arrival_time(2i)"=>"6", "arrival_time(3i)"=>"8", "arrival_time(4i)"=>"16", "arrival_time(5i)"=>"38", "drinks_attributes"=>[{"id"=>"1", "quantity"=>"1"}, {"id"=>"2", "quantity"=>""}, {"id"=>"3", "quantity"=>""}, {"id"=>"4", "quantity"=>""}], "commit"=>"Submit"}
Completed 404 Not Found in 18ms (ActiveRecord: 0.0ms)
ActiveRecord::RecordNotFound (Couldn't find Drink with ID=1 for Request with ID=):
app/controllers/requests_controller.rb:34:in `create'
app/models/request.rb
class Request < ApplicationRecord
has_many :request_drinks
has_many :drinks, through: :request_drinks
accepts_nested_attributes_for :drinks
end
app/models/drinks.rb
class Drink < ApplicationRecord
has_many :request_drinks
has_many :requests, through: :request_drinks
end
app/models/request_drink.rb
class RequestDrink < ApplicationRecord
belongs_to :request
belongs_to :drink
end
app/controllers/request_controller.rb
class RequestsController < ApplicationController
before_action :set_request, only: [:show,
:edit,
:update,
:destroy]
def index
redirect_to root_path unless admin_signed_in?
#requests = Request.search(params[:term], params[:filter], params[:page])
end
def show
end
def new
#request = Request.new
#drinks = Drink.active
#chasers = Chaser.active
#table_locations = TableLocation.active
#event_dates = EventDate.active
end
def edit
end
def create
#request = Request.new(request_params)
#request.people = (#request.males || 0) + (#request.females || 0)
#drinks = Drink.active
#chasers = Chaser.active
#table_locations = TableLocation.active
#event_dates = EventDate.active
respond_to do |format|
if #request.save
format.html { redirect_to thanks_path, notice: 'Request was successfully created.' }
format.json { render :show, status: :created, location: #request }
else
format.html { render :new }
format.json { render json: #request.errors, status: :unprocessable_entity }
end
end
end
def update
respond_to do |format|
if #request.update(request_params)
format.html { redirect_to #request, notice: 'Request was successfully updated.' }
format.json { render :show, status: :ok, location: #request }
else
format.html { render :edit }
format.json { render json: #request.errors, status: :unprocessable_entity }
end
end
end
def destroy
#request.destroy
respond_to do |format|
format.html { redirect_to requests_url, notice: 'Request was successfully destroyed.' }
format.json { head :no_content }
end
end
private
def set_request
#request = Request.find(params[:id])
end
def request_params
params.require(:request).permit(:concierge_name,
:concierge_number,
:concierge_email,
:client_name,
:client_number,
:client_email,
:hotel_employee,
:concierge_service,
:vip_promoter,
:arriving_with_client,
:client_alone,
:people,
:males,
:females,
:table_minimum,
:arrival_time,
:comments,
:event_date_id,
:drinks_attributes => [:id, :quantity]
)
end
end
app/views/requests/_form.html.erb
<%= form_with(model: request, local: true) do |f| %>
...
<h4>Drinks</h4>
<% #drinks.all.each do |d| %>
<%= hidden_field_tag "request[drinks_attributes][][id]", d.id %>
<%= number_field_tag "request[drinks_attributes][][quantity]", 0, in: 0..10 %>
<%= d.name %>
<br />
<% end %>
...
<% end %>
The :quantity attribute is on the JoinTable model of RequestDrink.
Yet your are using drinks instead of request_drinks. Try changing your code to use the latter:
Model:
class Request < ApplicationRecord
has_many :request_drinks
has_many :drinks, through: :request_drinks
accepts_nested_attributes_for :request_drinks
end
View:
...
<%= hidden_field_tag "request[request_drinks_attributes][][id]", d.id %>
<%= number_field_tag "request[request_drinks_attributes][][quantity]", 0, in: 0..10 %>
...
Controller:
class RequestsController < ApplicationController
# other actions
def request_params
params.require(:request).permit(..., :request_drinks_attributes => [:id, :quantity])
end
end
Thank you, this worked as well as tweaking my parameters a little more. This is the completed code
app/models/request.rb
class Request < ApplicationRecord
has_many :request_drinks
has_many :drinks, through: :requests
accepts_nested_attributes_for :request_drinks
end
app/controllers/request_controller.rb
class RequestController < ApplicationRecord
...
def request_params
params.require(:request).permit(:concierge_name,
:concierge_number,
:concierge_email,
:client_name,
:client_number,
:client_email,
:hotel_employee,
:concierge_service,
:vip_promoter,
:arriving_with_client,
:client_alone,
:people,
:males,
:females,
:table_minimum,
:arrival_time,
:comments,
:is_deleted,
:approved,
:attended,
:event_date_id,
:request_drinks_attributes => [:request_id, :drink_id, :quantity]
:table_location_ids => []
)
end
end
app/views/requests/_form.html.erb
...
<h4>Drinks</h4>
<% #drinks.all.each do |d| %>
<%= hidden_field_tag "request[request_drinks_attributes][][request_id]", request.id %>
<%= hidden_field_tag "request[request_drinks_attributes][][drink_id]", d.id %>
<%= number_field_tag "request[request_drinks_attributes][][quantity]", 0, in: 0..10 %>
<%= d.name %>
<br />
<% end %>
i have a rails app. i have strange problem in saving form
this is my ticket model .
class Ticket < ApplicationRecord
belongs_to :user
has_many :ticketissues , inverse_of: :ticket
accepts_nested_attributes_for :ticketissues, :reject_if => lambda { |a| a[:body].blank? }
end
this is ticketisue model
class Ticketissue < ApplicationRecord
belongs_to :user
belongs_to :ticket
validates :body, presence: true
end
this is ticket controller
class TicketsController < ApplicationController
before_action :set_ticket, only: [:show, :edit, :update, :destroy]
# GET /tickets
# GET /tickets.json
def index
#tickets = Ticket.all
end
# GET /tickets/1
# GET /tickets/1.json
def show
end
# GET /tickets/new
def new
#ticket = Ticket.new
end
# GET /tickets/1/edit
def edit
end
# POST /tickets
# POST /tickets.json
def create
#ticket = Ticket.new(ticket_params)
#ticket.user_id = current_user.id
#ticket.ticketissues.build
respond_to do |format|
if #ticket.save
format.html { redirect_to #ticket, notice: 'Ticket was successfully created.' }
format.json { render :show, status: :created, location: #ticket }
else
format.html { render :new }
format.json { render json: #ticket.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /tickets/1
# PATCH/PUT /tickets/1.json
def update
respond_to do |format|
if #ticket.update(ticket_params)
format.html { redirect_to #ticket, notice: 'Ticket was successfully updated.' }
format.json { render :show, status: :ok, location: #ticket }
else
format.html { render :edit }
format.json { render json: #ticket.errors, status: :unprocessable_entity }
end
end
end
# DELETE /tickets/1
# DELETE /tickets/1.json
def destroy
#ticket.destroy
respond_to do |format|
format.html { redirect_to tickets_url, notice: 'Ticket was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_ticket
#ticket = Ticket.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def ticket_params
params.require(:ticket).permit(:subject, :subsubject, :user_id, ticketissues_attributes: [
:body, :id, :_destroy] )
#params.require(:ticket).permit!
end
end
and my view is like this
<%= f.input :subject , collection: [ "تغییر اطلاعات کسب و کار",
"تغییر اطلاعات یک کوپن",
"سایر موارد"] %>
<%= f.input :subsubject %>
<!-- <%= f.association :user %> -->
</div>
<%= f.simple_fields_for :ticketissue do |p| %>
<%= p.input :body %>
<% end %>
<div class="form-actions">
<%= f.button :submit %>
</div>
<% end %>
but when i want to create a ticket , form will not save to database
and i get this error:
Started POST "/tickets" for 127.0.0.1 at 2017-04-11 23:52:33 +0430
Processing by TicketsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"fsl6nTe0PjmBKpeuh16BRFlYOw0MB93LEYDVEAl6TtT/uu/LwGTA0P2q0bRxIxBUqHqZINXHntrZLt7MuCG84Q==", "ticket"=>{"subject"=>"تغییر اطلاعات کسب و کار", "subsubject"=>"lk", "ticketissue"=>{"body"=>"lkjkjkjkjkkjkj"}}, "commit"=>"Create Ticket"}
Unpermitted parameter: ticketissue
but when i use console and this command:
Ticket.create(subject: 'test' , subsubject: 'ticket test' , ticketissues_attributes: [{body: "[some thing" }] )
every things work fines and all data save.
tanks for read and help.
You must use the plural here
= f.simple_fields_for :ticketissues do |p|
I'm currently trying to add a collection_select of ranches to my staff
And I saw that it's better to create an extra table to make this association.
And I follow some tutorial, but is not working on my side
This is my code :
Staffs/_form :
<%= form_for(#staff) do |f| %>
<div class="field">
<%= f.label :name %><br>
<%= f.text_field :name %>
</div>
<%= fields_for(#staff_ranch) do |x| %>
<div class="field">
<%= x.collection_select(:ranch_id, #all_ranch, :id, :name, { }, {:multiple => true}) %>
</div>
<%end%>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
My models :
- Ranch :
has_many :ranchstaffs
has_many :staffs, :through => :ranchstaffs
- Staff :
has_many :ranchstaffs
has_many :ranches, :through => :ranchstaffs
-Ranchstaff :
belongs_to :ranch
belongs_to :staff
Staff controller :
class StaffsController < ApplicationController
before_action :set_staff, only: [:show, :edit, :update, :destroy]
# GET /ranches
# GET /ranches.json
def index
#staffs = current_user.staffs
end
# GET /ranches/1
# GET /ranches/1.json
def show
end
# GET /ranches/new
def new
#staff = Staff.new
#all_ranch = current_user.ranches
#staff_ranch = #staff.ranchstaffs.build
end
# GET /ranches/1/edit
def edit
end
# POST /ranches
# POST /ranches.json
def create
#staff = Staff.new(staff_params)
#staff.update(user_id: current_user.id)
respond_to do |format|
if #staff.save
format.html { redirect_to #staff, notice: 'Staff was successfully created.' }
format.json { render :show, status: :created, location: #staff }
else
format.html { render :new }
format.json { render json: #staff.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /ranches/1
# PATCH/PUT /ranches/1.json
def update
respond_to do |format|
if #staff.update(staff_params)
format.html { redirect_to #staff, notice: 'Staff was successfully updated.' }
format.json { render :show, status: :ok, location: #staff }
else
format.html { render :edit }
format.json { render json: #staff.errors, status: :unprocessable_entity }
end
end
end
# DELETE /ranches/1
# DELETE /ranches/1.json
def destroy
#staff.destroy
respond_to do |format|
format.html { redirect_to staffs_url, notice: 'Ranch was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_staff
#staff = Staff.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def staff_params
params.require(:staff).permit(:name, :user_id, :cat, :ranch_id)
end
end
Can you explain me why the model ranchstaff was not created after a creation of a new staff ?
As you are using fields_for you are using nested form but you are not permitting the parameters properly. First make change in your form:
<%= f.fields_for(#staff_ranch) do |x| %>
<div class="field">
<%= x.collection_select(:ranch_id, #all_ranch, :id, :name, { }, {:multiple => true}) %>
</div>
<% end %>
And then in your controller:
def staff_params
params.require(:staff).permit(:name, :user_id, :cat, ranchstaff_attributes: [ranch_id: []])
end
And in your Staff model write:
accepts_nested_attributes_for :ranchstaffs
Then your ranchstaff should be created when the User is being created.
Your ranch_id is coming in an array. So u have to specify that ranch_id would be array in strong parameters.
so your staff_params method would look like this
def staff_params
params.require(:staff).permit(:name, :user_id, :cat, :staff_ranch_attributes =>[:ranch_id => []])
end
Good day, community.
First of all, I'm a newbie in Rails. I did some thing with it in College 4 years ago, and now I decided to get back on it. Lots of things changed in version 4.
Anyway, I am experiencing issues with strong parameters. Here's what I have:
I'm using Ruby 2.1, Rails 4.1.
I am trying to create a form for a hockey match with parameters (id, team_a, team_b, arena, date, score_a, score_b). team is a table (id, name) and arena is a table (id, name).
When I pass the parameters from form to the controller, the json parameters seem to be okay. But, when it is converted into match_params it is missing some values from parameters from other table. For example, I am passing arena_id: 12, but it shows arena_id: as blank.
I've spent over 5 days on this thing. Any help appreciated.
Some of the code is bellow. Let me know if you need me to provide more information...
migration data
class CreateMatches < ActiveRecord::Migration
def change
create_table :matches do |t|
t.references :team_a, default: 1 # unknown
t.references :team_b, default: 1 # unknown
t.references :arena, default: 1 # unknown
t.datetime :date
t.integer :score_a
t.integer :score_b
t.timestamps
end
add_index :matches, :team_a_id
add_index :matches, :team_b_id
add_index :matches, :arena_id
end
end
class CreateTeams < ActiveRecord::Migration
def change
create_table :teams do |t|
t.string :name, null: false
t.timestamps
end
end
end
class CreateArena < ActiveRecord::Migration
def change
create_table :arena do |t|
t.string :name, null: false
t.timestamps
end
end
end
match.rb (model)
class Match < ActiveRecord::Base
belongs_to :team_a, :class_name => 'Team'
belongs_to :team_b, :class_name => 'Team'
belongs_to :arena
end
team.rb (model)
class Team < ActiveRecord::Base
has_many :matches
accepts_nested_attributes_for :matches
end
arena.rb (model)
class Arena < ActiveRecord::Base
has_many :matches
accepts_nested_attributes_for :matches
end
matches_controller.rb
class MatchesController < ApplicationController
before_action :set_match, only: [:show, :edit, :score, :update, :destroy]
include ActionView::Helpers::DateHelper
def index
# some code
end
def show
# some code
end
def new
#match = Match.new
#teams = Team.all.order("name ASC")
#arenas = Arena.all.order("name ASC")
end
# GET /matches/1/edit
def edit
# some code
end
def create
puts YAML::dump(match_params) # Checking passed params. Output is bellow
#match = Match.new(match_params)
respond_to do |format|
if #match.save
format.html { redirect_to #match, notice: 'Match was successfully created.' }
format.json { render action: 'show', status: :created, location: #match }
else
format.html { render action: 'new' }
format.json { render json: #match.errors, status: :unprocessable_entity }
end
end
end
def update
end
def destroy
end
private
# Use callbacks to share common setup or constraints between actions.
def set_match
#match = Match.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def match_params
params.require(:match).permit(:date, :score_a, :score_b, team_a_id: [:id, :name], team_b_id: [:id, :name], arena_id: [:id, :name])
end
public
end
teams_controller.rb
class TeamsController < ApplicationController
before_action :set_team, only: [:show, :edit, :update, :destroy]
layout :false
def index
#teams = Team.all
end
def show
end
def new
#team = Team.new
end
def edit
end
def create
#team = Team.new(team_params)
respond_to do |format|
if #team.save
format.json { render action: 'show', status: :created, location: #team }
format.html { redirect_to #team, notice: 'Team was successfully created.' }
else
format.html { render action: 'new' }
format.json { render json: #team.errors, status: :unprocessable_entity }
end
end
end
def update
respond_to do |format|
if #team.update(team_params)
format.json { head :no_content }
format.html { redirect_to #team, notice: 'Team was successfully updated.' }
else
format.html { render action: 'edit' }
format.json { render json: #team.errors, status: :unprocessable_entity }
end
end
end
def destroy
#team.destroy
respond_to do |format|
format.html { redirect_to teams_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_team
#team = Team.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def team_params
params.require(:team).permit(:name)
end
end
arenas_controller.rb
class ArenasController < ApplicationController
before_action :set_arena, only: [:show, :edit, :update, :destroy]
layout false
def index
#arena = Arena.all
end
def show
end
def new
#arena = Arena.new
end
def edit
end
def create
#arena = Arena.new(arena_params)
respond_to do |format|
if #arena.save
format.json { render action: 'show', status: :created, location: #arena }
format.html { redirect_to #arena, notice: 'Arena was successfully created.' }
else
format.html { render action: 'new' }
format.json { render json: #arena.errors, status: :unprocessable_entity }
end
end
end
def update
respond_to do |format|
if #arena.update(arena_params)
format.json { head :no_content }
format.html { redirect_to #arena, notice: 'Arena was successfully updated.' }
else
format.html { render action: 'edit' }
format.json { render json: #arena.errors, status: :unprocessable_entity }
end
end
end
def destroy
#arena.destroy
respond_to do |format|
format.html { redirect_to arenas_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_arena
#arena = Arena.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def arena_params
params.require(:arena).permit(:name)
end
end
matches/_match.html.erb
<%= form_for(#match, html: {role: 'form', class: 'form-horizontal'}) do |f| %>
<% if #match.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#match.errors.count, "error") %> prohibited this match from being saved:</h2>
<ul>
<% #match.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<%= f.label 'Home Team' %>
<%= f.collection_select :team_a_id, #teams, :id, :name, {prompt: true}, {class: ''} %>
<%= f.label 'Visitor Team' %>
<%= f.collection_select :team_b_id, #teams, :id, :name, {prompt: true}, {class: ''} %>
<%= f.label 'Arena' %>
<%= f.collection_select :arena_id, #arenas, :id, :name, {prompt: true}, {class: ''} %>
<%= f.label 'Date' %>
<%= f.datetime_select :date, class: 'form-control' %>
<%= f.submit value: 'Submit' %>
<% end %>
And here's what I am getting in console after dumping data:
Started POST "/matches" for 127.0.0.1 at 2014-05-06 18:24:20 -0700
Processing by MatchesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"0RJjnpczVkp2unG9VITyHYC89ThgELn5kVE2wYRymBU=", "match"=>{"team_a_id"=>"24", "team_b_id"=>"27", "arena_id"=>"21", "date(1i)"=>"2014", "date(2i)"=>"5", "date(3i)"=>"6", "date(4i)"=>"18", "date(5i)"=>"24"}, "commit"=>"Update"}
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER BY `users`.`id` ASC LIMIT 1
--- !ruby/hash:ActionController::Parameters
date(1i): '2014'
date(2i): '5'
date(3i): '6'
date(4i): '18'
date(5i): '24'
team_a_id:
team_b_id:
arena_id:
(0.2ms) BEGIN
SQL (1.5ms) INSERT INTO `matches` (`created_at`, `date`, `arena_id`, `team_a_id`, `team_b_id`, `updated_at`) VALUES ('2014-05-07 01:24:20', '2014-05-07 01:24:00', NULL, NULL, NULL, '2014-05-07 01:24:20')
(0.2ms) COMMIT
Redirected to http://localhost:3000/matches/90
Completed 302 Found in 13ms (ActiveRecord: 2.4ms)
Take a look at your match_params, and compare it to what parameters are being passed to your controller from your form.
def match_params
params.require(:match).permit(:date, :score_a, :score_b, team_a_id: [:id, :name], team_b_id: [:id, :name], area_id: [:id, :name])
end
Parameters: {"utf8"=>"✓", "authenticity_token"=>"0RJjnpczVkp2unG9VITyHYC89ThgELn5kVE2wYRymBU=", "match"=>{"team_a_id"=>"24", "team_b_id"=>"27", "arena_id"=>"21", "date(1i)"=>"2014", "date(2i)"=>"5", "date(3i)"=>"6", "date(4i)"=>"18", "date(5i)"=>"24"}, "commit"=>"Update"}
You're permitting your arena_id in match_params as an array called area_id, with elements :id and :name. However, it's being passed from your form as just arena_id. You should change your match_params function to:
def match_params
params.require(:match).permit(:date, :score_a, :score_b, :team_a_id, :team_b_id, :arena_id)
end
Note that I've also changed :team_a_id and :team_b_id to be consistent with what's being passed in your parameters too, although it doesn't look like you're passing :score_a or :score_b. You should check out strong parameters in the rails guides for more information.
Okay, I found my mistake. (Thanks to JKen13579)
I have put params in the wrong place.
It should be something like that:
def match_params
params.require(:match).permit(:date, :score_a, :score_b, :team_a_id, :team_b_id , :arena_id)
end
def team_params
params.require(:team).permit(:name, matches_params:[:id, :match_id, :name])
end
def arena_params
params.require(:arena).permit(:name, matches_params:[:id, :match_id, :name])
end
It fixed the issue.
everyting but name will be removed when you call this:
params.require(:arena).permit(:name)