0

アドレス フォームがユーザー フォームにネストされていますが、入力する外部キーを取得できません。隠しフィールドの使用を提案する人を見たことがありますが、それはセキュリティの観点からは悪い考えのようです。コントローラーを使用して外部キーをどのように正確に設定しますか? 現在、送信しようとすると Address user can't be blank エラーが発生しています

以下のMVC

ユーザー\new.html.erb

<div>
    <%= form_for(@user) do |f| %>
        <%= render 'shared/error_messages' %>

        <%= f.label :rank %>
        <%= f.text_field :rank %>

        <%= f.label :firstName, "First Name" %>
        <%= f.text_field :firstName %>

        <%= f.label :lastName, "Last Name" %>
        <%= f.text_field :lastName %>

        <%= f.label :middleInitial, "Middle Initial" %>
        <%= f.text_field :middleInitial %>

            <%= fields_for :address do |a| %>

                <%= a.label :address %>
                <%= a.text_field :address %>

                <%= a.label :city %>
                <%= a.text_field :city %>

                <%= a.label :state %>
                <%= a.text_field :state %>

                <%= a.label :zip, "Zip Code" %>
                <%= a.text_field :zip %>
            <% end %>

        <%= f.label :email %>
        <%= f.text_field :email %>

        <%= f.label :dateOfBirth, "Date of Birth" %>
        <%= f.text_field :dateOfBirth %>

        <%= f.label :MOS, "MOS" %>
        <%= f.text_field :MOS %>

        <%= f.label :ets_pcsDate, "ETS/PCS Date" %>
        <%= f.text_field :ets_pcsDate %>

        <%= f.label :phoneNum, "Phone Number" %>
        <%= f.text_field :phoneNum %>

        <%= f.label :password %>
        <%= f.text_field :password %>   

        <%= f.label :password_confirmation, "Confirmation" %>
        <%= f.text_field :password_confirmation %>  

        <%= f.submit "Sign up" %>
    <% end %>
</div>

<h1>Users#new</h1>
<p>Find me in app/views/users/new.html.erb</p>

モデル

ユーザー

class User < ActiveRecord::Base
  attr_accessible :MOS, :dateOfBirth, :ets_pcsDate, :firstName, 
  :lastName, :middleInitial, :phoneNum, :rank, :email, :password, 
  :password_confirmation

  has_secure_password
  has_one :address, dependent: :destroy

  accepts_nested_attributes_for :address


  before_save {  |user| user.email = email.downcase  }
  before_save :create_remember_token

  validates :rank,          presence: true
  validates :firstName,         presence: true, length: {  maximum: 15  }
  validates :lastName,      presence: true, length: {  maximum: 20  }
  validates :middleInitial,     presence: true, length: {  maximum: 1  }

  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  validates :email,         presence: true, 
                format: {  with: VALID_EMAIL_REGEX  },
                    uniqueness: {  case_sensitive: false  }

  validates :dateOfBirth,       presence: true
  validates :MOS,               presence: true
  validates :ets_pcsDate,           presence: true
  validates :phoneNum,          presence: true
  validates :password,      length: {  minimum: 6  }
  validates :password_confirmation, presence: true


  private

    def create_remember_token
      self.remember_token = SecureRandom.urlsafe_base64
    end
  end

住所

class Address < ActiveRecord::Base
  attr_accessible :address, :city, :state, :zip

belongs_to :user

validates :address,         presence: :true
validates :city,              presence: :true
validates :state,               presence: :true
validates :zip,           presence: true
    validates :user_id,       presence: true
end

コントローラ

class UsersController < ApplicationController
  before_filter :signed_in_user, only: [:index, :edit, :update, :show, :destory]
  before_filter :correct_user, only:[:edit, :update]
  before_filter :admin_user, only: :destroy

  def new
@user = User.new
    @user.address.build
  end

  def create
@user = User.new(params[:user])
@address = @user.build_address(params[:address])
   if @user.save
    sign_in @user
            flash[:success] = "Welcome to B Troop!"
    redirect_to @user
else
    render 'new'
end
  end

  def show
@user = User.find(params[:id])
  end

  def index
    @users = User.paginate(page: params[:page])
  end

  def edit
  end

  def update
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User removed"
    redirect_to users_path
  end

  private
    def signed_in_user
      unless signed_in?
        store_location
        redirect_to root_path, notice: "Please sign in."
      end
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end

    def admin_user
      redirect_to(root_path) unless current_user.admin?
    end
end
4

1 に答える 1

0

user_id 検証を削除すると、うまくいきました。

于 2013-04-22T02:57:50.440 に答える