ActiveModel::ForbiddenAttributesError

Question

我在rails中创建了一个项目，控制器用户如下所示：

class UsersController < ApplicationController
    before_action :set_user, only: [:edit, :update]
    def new
        @user = User.new
    end

    def create
        @user = User.new(params[:user])
        if @user.save
            redirect_to root_url, :notice => "Signed up!"
        else
        render "new"
        end
    end

    private
     def user_params
      params.require(:user).permit(:email, :password, :password_confirmation)
    end
end

像这样的模型用户：

class User < ActiveRecord::Base
  #attr_accessible :email, :password, :password_confirmation

  attr_accessor :password
  before_save :encrypt_password

  def self.authenticate(email, password)
    user = find_by_email(email)
    if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
      user
    else
      nil
    end
  end

  def encrypt_password
    if password.present?
      self.password_salt = BCrypt::Engine.generate_salt
      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
    end
  end
end

当我尝试创建新用户时，我得到了错误: ActiveModel::ForbiddenAttributesError

参数：

{"utf8"=>"✓",
 "authenticity_token"=>"74Mhbpn9FF/tY/cgfuVmX7ribN4rOkkdUjSgbLNsces=",
 "user"=>{"email"=>"henio180@interia.pl",
 "password"=>"[FILTERED]",
 "password_confirmation"=>"[FILTERED]"},
 "button"=>""}

我正在使用4.0.3。

Answer 1

在create方法中更改：

@user = User.new(params[:user])

至

@user = User.new(user_params)

虽然正确地创建了方法以设置强参数，但实际上并没有使用它。Rails指南中有关于使用强参数的详细信息：overview.html#strong-parameters