多个 require 和 permit 强参数 rails 4
Multiple require & permit strong parameters rails 4
在下面的例子中,我尝试使用强参数。我想要求 email_address, password 并允许 remember_me 字段。
但是像下面这样使用它只允许方法中的最后一行 Ex:-在下面的情况下它只需要params.permit(:remember_me)
private
def registration_params
params.require(:email_address)
params.require(:password)
params.permit(:remember_me)
end
另一个例子:- 在下面的例子中,如果我像下面那样重新排列它,它只需要 params.require(:email_address) 我哪里错了?
def registration_params
params.require(:password)
params.permit(:remember_me)
params.require(:email_address)
end
更新
参数哈希类似于
{
"utf8" => "✓",
"email_address" => "test1@gmail.com",
"password" => "password123",
"remember_me" => "true",
"commit" => "Log in",
"controller" => "registration",
"action" => "sign_in"
}
编辑:
这是您处理登录的 Rails 方式,我相信,在您需要 'require' 多个参数并将错误返回给用户的情况下。
与使用强参数不同,此方法在参数缺失或为空时向用户提供反馈(使用验证错误)。这比抛出异常更人性化。
创建一个 ActiveModel(不是 ActiveRecord)表单支持对象。这个表单支持对象是你指定哪些字段是必需的,当调用 valid? 时,这些字段将被验证。
有了这个,如果出现以下情况,您将得到很好的用户友好错误:
- 电子邮件丢失
- 密码丢失
- 邮箱和密码不匹配
models/session.rb
class Session
include ActiveModel::Model
attr_accessor :password, :email, :remember_me
validates_presence_of :password, :email # these fields are required!
def authenticate
return false unless valid? # this checks that required params
# are present and adds errors to the
# errors object if not
if User.authenticate(:password, :email) # validate credentials
true
else
errors.add(:email, "and password didn't match") # wrong credentials. add error!
false
end
end
end
创建控制器。这是您的控制器在登录用户时的样子:
app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
# GET /login
def new
@session = Session.new
end
# POST /login
def create
@session = Session.new(login_params)
if @session.authenticate
# do whatever you need to do to log the user in
# set remember_me cookie, etc.
redirect_to '/success', notice: 'You are logged in'
else
render :new # shows the form again, filled-in and with errors
end
end
private
def login_params
params.require(:session).permit(:email, :password, :remember_me)
end
end
设置视图
app/views/sessions/new.html.erb
<% if @session.errors.any? %>
<ul>
<% @session.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
<% end %>
<%= form_for @session, :url => login_path do |f| %>
<div>
<%= f.label :email, 'Email:' %>
</div>
<div>
<%= f.text_field :email %>
</div>
<div>
<%= f.label :password, 'Password:' %>
</div>
<div>
<%= f.password_field :password %>
</div>
<div>
<%= f.label :remember_me, 'Remember Me?' %>
<%= f.check_box :remember_me %>
</div>
<div>
<%= f.submit %>
</div>
<% end %>
最后,确保路由已配置
config/routes.rb
get 'login' => 'sessions#new'
post 'login' => 'sessions#create'
Stong 参数是为了防止对 Active Record 模型进行批量分配。您的参数应该以模型支持的形式设置。来自 Michael Hartl Tutorial 的示例:
注册表
<%= form_for(@user) do |f| %>
<%= f.label :name %>
<%= f.text_field :name %>
<%= f.label :email %>
<%= f.email_field :email %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.label :password_confirmation, "Confirmation" %>
<%= f.password_field :password_confirmation %>
<%= f.submit "Create my account", class: "btn btn-primary" %>
<% end %>
这将创建一个如下所示的参数:
参数
{
"utf8" => "✓",
"user" => { email: "test1@gmail.com", name:"Test Name", password: "password", password_confirmation: "password" },
"remember_me" => "true",
"commit" => "Log in",
"controller" => "registration",
"action" => "sign_in"
}
然后在您的注册控制器中,您可以使用强参数,例如:
强大的参数
params.require(:user).permit(:name, :email, :password, :password_confirmation)
看起来你的情况是处理一个登录,在这种情况下,你只需要使用常规参数来捕获登录信息。
会话创建
def sign_in
email = params[:email]
password = params[:password]
if User.authenticate!(email, password)
# do something
else
# do something different
end
end
好的,通过朋友找到了答案...一种方法是
params.require(:email_address)
params.require(:password)
params.permit(
:email_address,
:password,
:remember_me
)
效果不错。
2020 年解决方案:
def registration_params
params.require([:email_address, :password]) #require all of these
params.permit(:email_address, :password, :remember_me) #return hash
end
在下面的例子中,我尝试使用强参数。我想要求 email_address, password 并允许 remember_me 字段。
但是像下面这样使用它只允许方法中的最后一行 Ex:-在下面的情况下它只需要params.permit(:remember_me)
private
def registration_params
params.require(:email_address)
params.require(:password)
params.permit(:remember_me)
end
另一个例子:- 在下面的例子中,如果我像下面那样重新排列它,它只需要 params.require(:email_address) 我哪里错了?
def registration_params
params.require(:password)
params.permit(:remember_me)
params.require(:email_address)
end
更新 参数哈希类似于
{
"utf8" => "✓",
"email_address" => "test1@gmail.com",
"password" => "password123",
"remember_me" => "true",
"commit" => "Log in",
"controller" => "registration",
"action" => "sign_in"
}
编辑:
这是您处理登录的 Rails 方式,我相信,在您需要 'require' 多个参数并将错误返回给用户的情况下。
与使用强参数不同,此方法在参数缺失或为空时向用户提供反馈(使用验证错误)。这比抛出异常更人性化。
创建一个
ActiveModel(不是ActiveRecord)表单支持对象。这个表单支持对象是你指定哪些字段是必需的,当调用valid?时,这些字段将被验证。有了这个,如果出现以下情况,您将得到很好的用户友好错误:
- 电子邮件丢失
- 密码丢失
- 邮箱和密码不匹配
models/session.rb
class Session include ActiveModel::Model attr_accessor :password, :email, :remember_me validates_presence_of :password, :email # these fields are required! def authenticate return false unless valid? # this checks that required params # are present and adds errors to the # errors object if not if User.authenticate(:password, :email) # validate credentials true else errors.add(:email, "and password didn't match") # wrong credentials. add error! false end end end创建控制器。这是您的控制器在登录用户时的样子:
app/controllers/sessions_controller.rb
class SessionsController < ApplicationController # GET /login def new @session = Session.new end # POST /login def create @session = Session.new(login_params) if @session.authenticate # do whatever you need to do to log the user in # set remember_me cookie, etc. redirect_to '/success', notice: 'You are logged in' else render :new # shows the form again, filled-in and with errors end end private def login_params params.require(:session).permit(:email, :password, :remember_me) end end设置视图
app/views/sessions/new.html.erb
<% if @session.errors.any? %> <ul> <% @session.errors.full_messages.each do |msg| %> <li><%= msg %></li> <% end %> </ul> <% end %> <%= form_for @session, :url => login_path do |f| %> <div> <%= f.label :email, 'Email:' %> </div> <div> <%= f.text_field :email %> </div> <div> <%= f.label :password, 'Password:' %> </div> <div> <%= f.password_field :password %> </div> <div> <%= f.label :remember_me, 'Remember Me?' %> <%= f.check_box :remember_me %> </div> <div> <%= f.submit %> </div> <% end %>最后,确保路由已配置
config/routes.rb
get 'login' => 'sessions#new' post 'login' => 'sessions#create'
Stong 参数是为了防止对 Active Record 模型进行批量分配。您的参数应该以模型支持的形式设置。来自 Michael Hartl Tutorial 的示例:
注册表
<%= form_for(@user) do |f| %>
<%= f.label :name %>
<%= f.text_field :name %>
<%= f.label :email %>
<%= f.email_field :email %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.label :password_confirmation, "Confirmation" %>
<%= f.password_field :password_confirmation %>
<%= f.submit "Create my account", class: "btn btn-primary" %>
<% end %>
这将创建一个如下所示的参数:
参数
{
"utf8" => "✓",
"user" => { email: "test1@gmail.com", name:"Test Name", password: "password", password_confirmation: "password" },
"remember_me" => "true",
"commit" => "Log in",
"controller" => "registration",
"action" => "sign_in"
}
然后在您的注册控制器中,您可以使用强参数,例如:
强大的参数
params.require(:user).permit(:name, :email, :password, :password_confirmation)
看起来你的情况是处理一个登录,在这种情况下,你只需要使用常规参数来捕获登录信息。
会话创建
def sign_in
email = params[:email]
password = params[:password]
if User.authenticate!(email, password)
# do something
else
# do something different
end
end
好的,通过朋友找到了答案...一种方法是
params.require(:email_address)
params.require(:password)
params.permit(
:email_address,
:password,
:remember_me
)
效果不错。
2020 年解决方案:
def registration_params
params.require([:email_address, :password]) #require all of these
params.permit(:email_address, :password, :remember_me) #return hash
end