• 可以 我也来打广告 https://github.com/rails-engine 😂

  • 哦...那破案了...这个写法 5.1 才有的... https://github.com/rails/rails/commit/e86524c0c5a26ceec92895c830d1355ae47a7034

    遗留项目用 https://github.com/rails/rails/issues/9454#issuecomment-310821406 这种写法,RoleCore 应该整体还是兼容 5.0 的

    新项目直接上 6.0 吧,或者至少 5.1 以上

  • 那我晚上到家 起一个裸的试试...不过我自己不用cancancan也,理论上也跟他无关

  • ➜  role_core git:(master) rails c
    Loading development environment (Rails 6.0.0)
    [1] pry(main)> pa = {"utf8"=>"✓", "authenticity_token"=>"w0o9CGy+oR9bqZaPpmglcNnKrzRS+e7/LFTZOPePAOWrHHwbuMABqzolmhB3u0vVUSRSPqs77BwKHKU8iObC+Q==", "role"=>{"name"=>"j", "permissions_attributes"=>{"task"=>{"create"=>"1", "destroy"=>"0", "update"=>"0", "update_my_own"=>"1", "destroy_my_own"=>"1"}, "production"=>{"create"=>"1", "destroy"=>"0", "accept"=>"0", "read"=>"1", "read_public"=>"0"}, "topic"=>{"create"=>"1", "destroy"=>"1", "accept"=>"1"}}}, "commit"=>"Update Role", "id"=>"7"}
    => {"utf8"=>"✓",
    "authenticity_token"=>"w0o9CGy+oR9bqZaPpmglcNnKrzRS+e7/LFTZOPePAOWrHHwbuMABqzolmhB3u0vVUSRSPqs77BwKHKU8iObC+Q==",
     "role"=>
      {"name"=>"j",
       "permissions_attributes"=>
        {"task"=>{"create"=>"1", "destroy"=>"0", "update"=>"0", "update_my_own"=>"1", "destroy_my_own"=>"1"},
         "production"=>{"create"=>"1", "destroy"=>"0", "accept"=>"0", "read"=>"1", "read_public"=>"0"},
         "topic"=>{"create"=>"1", "destroy"=>"1", "accept"=>"1"}}},
     "commit"=>"Update Role",
     "id"=>"7"}
    
    [2] pry(main)> params = ActionController::Parameters.new(pa)
    => <ActionController::Parameters {"utf8"=>"✓", "authenticity_token"=>"w0o9CGy+oR9bqZaPpmglcNnKrzRS+e7/LFTZOPePAOWrHHwbuMABqzolmhB3u0vVUSRSPqs77BwKHKU8iObC+Q==", "role"=>{"name"=>"j", "permissions_attributes"=>{"task"=>{"create"=>"1", "destroy"=>"0", "update"=>"0", "update_my_own"=>"1", "destroy_my_own"=>"1"}, "production"=>{"create"=>"1", "destroy"=>"0", "accept"=>"0", "read"=>"1", "read_public"=>"0"}, "topic"=>{"create"=>"1", "destroy"=>"1", "accept"=>"1"}}}, "commit"=>"Update Role", "id"=>"7"} permitted: false>
    
    [3] pry(main)> params.require(:role).permit(:name, permissions_attributes: {})
    => <ActionController::Parameters {"name"=>"j", "permissions_attributes"=><ActionController::Parameters {"task"=><ActionController::Parameters {"create"=>"1", "destroy"=>"0", "update"=>"0", "update_my_own"=>"1", "destroy_my_own"=>"1"} permitted: true>, "production"=><ActionController::Parameters {"create"=>"1", "destroy"=>"0", "accept"=>"0", "read"=>"1", "read_public"=>"0"} permitted: true>, "topic"=><ActionController::Parameters {"create"=>"1", "destroy"=>"1", "accept"=>"1"} permitted: true>} permitted: true>} permitted: true>
    
    [4] pry(main)> params.require(:role).permit(:name, permissions_attributes: {}).to_h
    => {"name"=>"j",
     "permissions_attributes"=>
      {"task"=>{"create"=>"1", "destroy"=>"0", "update"=>"0", "update_my_own"=>"1", "destroy_my_own"=>"1"},
       "production"=>{"create"=>"1", "destroy"=>"0", "accept"=>"0", "read"=>"1", "read_public"=>"0"},
       "topic"=>{"create"=>"1", "destroy"=>"1", "accept"=>"1"}}}
    
    [5] pry(main)> Role.new(params.require(:role).permit(:name, permissions_attributes: {}))
       (0.8ms)  SELECT sqlite_version(*)
    => #<Role:0x0000564b77c637e8
     id: nil,
     name: "j",
     permissions:
      #<Global:OptionsModel {:foo=>false, :bar=>false, :project=>{:create=>true, :destroy=>false, :update=>false, :read=>true, :read_public=>false, :task=>{:create=>true, :destroy=>false, :update=>false, :update_my_own=>true, :destroy_my_own=>true}}, :task=>{:read=>false, :create=>true, :destroy=>false, :update=>false}}>,
     type: "Role",
     created_at: nil,
     updated_at: nil>
    

    我在控制台根据你提供的日志模拟过滤请求的动作,还是复现不出来

    你的 Ruby 和 Rails 版本是多少呢?我应该在 5.2 和 6.0 都验证过的,你那边用我的 Dummy app 有问题么?

  • 这个帖子一直没有更新,虽然基本都没有变(大体只改了名字)不过可以看下 https://github.com/rails-engine/role_core 我忘记是不是有更新了,这 gem 我自己也在用,所以你提的这个问题有点奇怪

  • 贴一下你 控制器 action 的代码?

    params.require(:role).permit(:name, permissions_attributes: {}) 这样 accepts_nested_attributes 的写法是 Rails 的标准做法

    https://guides.rubyonrails.org/action_controller_overview.html#permitted-scalar-values

    之前没人提过这个问题也,我不太觉得这里能有问题

  • 好像是我正贴的网址错了... 后来听了华顺的建议 重构并放到 https://github.com/rails-engine/role_core 去了... 你试试...

  • 我那个 Git 的 dummy 应用么?

    Unpermitted parameters: task, production, topic 问题出在这了,我看看

  • 就这样写,这样写的意思是允许 permissions_attributes 里的任何内容,这个跟请求传入的数据的结构是一样的

  • 支持!

非 geek、非 hacker、二流工程师