In Rails 4.2, I'd like to validate that every hash of an array passed as a parameter to my action has certain attributes.
For now I could only find how to filter out unwanted attributes, such as:
ActionController::Parameters.new(
points: [{lat: 42, foo: 0}, {lng: 43, bar: 100}]
).permit(
points: [:lat, :lng]
)
# => {"points"=>[{"lat"=>42}, {"lng"=>43}]}
What I'd like to do is making sure every member of points has both lat and lng without having to loop over it. Is this possible using permit or a similar method?
There is a method called require that has the same signature as permit:
params.require(:lat, :lng)
Note that you can chain this with permit
Also, you can use select or reject on the params hash, secure params is mostly sugar for this anyway.
def my_params
required_attrs = %w{lat lng}
missing_params = required_attrs.select do |key|
params.has_key?(key)
end
missing_params.empty? ? params : raise(RuntimeError, "missing params: #{missing_params.join(",")}")
end
Related
I am currently trying to permit params containing an array object.
#My controller
def students_params
params.require(:student).permit(standards:[], subjects: [])
end
So here in my case, I will have a list of params names to be permitted.
Consider I have a constant which has list as below:
STUDENTS_PARAMS = ['standands', 'subjects', 'grade', .....]
I tried doing this as below:
#My controller
def students_params
params.require(:student).permit(*STUDENTS_PARAMS)
end
Problem here is params with array value and getting included.
Instead of adding all fields manually is there any other way, I can achieve this?
Thanks you
I take it that you meant to say Problem here is params with array value and ARENT getting included., which is to be expected because its looking for a hash not a symbol/string.
What if you try passing
STUDENTS_PARAMS = [{standands: []}, {subjects: []}, 'grade']
def students_params
params.require(:student).permit(*STUDENTS_PARAMS)
end
How to permit dynamic params in an AppicationController?
so all these parameters should permitted:
params = { "filter_color" => "blue,green",
"filter_size" => "xl,sm,lg",
"filter_type" => "new,old,used",
"limit" => "10" }
But my approach only passes limit,
def product_params
params.permit(:limit, /filter_.*/)
end
The permit method only processes an incoming value if it's a Symbol, String, or Hash.
If you want to try to work around this you could do something like this:
filter_names = params.keys.select { |key| key[/\Afilter_.*/] }
params.permit(:limit, *filter_names)
But be aware that the point of Strong Parameters is to define an explicit set of allowed values to avoid security problems with mass-assigning user-provided values. As long as it's always safe to allow any user to pass in any kind of filter_* value, then you should be OK.
I'm working in Ruby on Rails and I'm trying to permit all values from a hash using Ruby's permit function. It seems rather simple, but I just cannot get this to work. I've already reviewed the references on permit, and answers to this SO question how to permit an array with strong parameters.
Here's my code
PERMITTED_PARAMS = [
:OriginCity,
:OriginState,
{ :PickupDates => {}}
].freeze
params = {"OriginCity"=>"Denver", "OriginState"=>"CO", "PickupDates"=>{"0"=>"2016-09-30"}}
filtered_params = params.permit(PERMITTED_PARAMS)
And, the resulting value for filtered_params is
{"OriginCity"=>"Denver", "PickupDates"=>{}}
While the desired value for filtered_params is
{"OriginCity"=>"Denver", "PickupDates"=>{"0":"2016-09-30"}}
Any advice on how to obtain the desired value by changing PERMITTED_PARAMS?
You want to permit all values in a hash, not an array, which is different from the example you linked to.
Try this:
PERMITTED_PARAMS = [
:OriginCity,
:OriginState
].freeze
params = {"OriginCity"=>"Denver", "OriginState"=>"CO", "PickupDates"=>{"0"=>"2016-09-30"}}
filtered_params = params.permit(PERMITTED_PARAMS).tap do |whitelisted|
whitelisted[:PickupDates] = params[:PickupDates]
end
See also: Strong parameters: allow hashes with unknown keys to be permitted
Assume we have a rails params hash full of nested hashes and arrays. Is there a way to alter every string value (whether in nested hashes or arrays) which matches a certain criteria (e.g. regex) and still keep the output as a params hash (still containing nested hashes arrays?
I want to do some sort of string manipulation on some attributes before even assigning them to a model. Is there any better way to achieve this?
[UPDATE]
Let's say we want to select the strings that have an h in the beginning and replace it with a 'b'. so we have:
before:
{ a: "h343", b: { c: ["h2", "s21"] } }
after:
{ a: "b343", b: { c: ["b2", "s21"] } }
For some reasons I can't do this with model callbacks and stuff, so it should have be done before assigning to the respective attributes.
still keep the output as a params hash (still containing nested hashes arrays
Sure.
You'll have to manipulate the params hash, which is done in the controller.
Whilst I don't have lots of experience with this I just spent a bunch of time testing -- you can use a blend of the ActionController::Parameters class and then using gsub! -- like this:
#app/controllers/your_controller.rb
class YourController < ApplicationController
before_action :set_params, only: :create
def create
# Params are passed from the browser request
#model = Model.new params_hash
end
private
def params_hash
params.require(:x).permit(:y).each do |k,v|
v.gsub!(/[regex]/, 'string')
end
end
end
I tested this on one of our test apps, and it worked perfectly:
--
There are several important points.
Firstly, when you call a strong_params hash, params.permit creates a new hash out of the passed params. This means you can't just modify the passed params with params[:description] = etc. You have to do it to the permitted params.
Secondly, I could only get the .each block working with a bang-operator (gsub!), as this changes the value directly. I'd have to spend more time to work out how to do more elaborate changes.
--
Update
If you wanted to include nested hashes, you'd have to call another loop:
def params_hash
params.require(:x).permit(:y).each do |k,v|
if /_attributes/ ~= k
k.each do |deep_k, deep_v|
deep_v.gsub!(/[regex]/, 'string'
end
else
v.gsub!(/[regex]/, 'string')
end
end
end
In general you should not alter the original params hash. When you use strong parameters to whitelist the params you are actually creating a copy of the params - which can be modified if you really need to.
def whitelist_params
params.require(:foo).permit(:bar, :baz)
end
But if mapping the input to a model is too complex or you don't want to do it on the model layer you should consider using a service object.
Assuming you have a hash like this:
hash = { "hello" => { "hello" => "hello", "world" => { "hello" => "world", "world" => { "hello" => "world" } } }, "world" => "hello" }
Then add a function that transforms the "ello" part of all keys and values into "i" (meaning that "hello" and "yellow" will become "hi" and "yiw")
def transform_hash(hash, &block)
hash.inject({}){ |result, (key,value)|
value = value.is_a?(Hash) ? transform_hash(value, &block) : value.gsub(/ello/, 'i')
block.call(result, key.gsub(/ello/, 'i'), value)
result
}
end
Use the function like:
new_hash = transform_hash(hash) {|hash, key, value| hash[key] = value }
This will transform your hash and it's values regardless of the nesting level. However, the values should be strings (or another Hash) otherwise you'll get an error. to solve this problem just change the value.is_a?(Hash) conditional a bit.
NOTE that I strongly recommend you NOT to change the keys of the hash!
I have data I am trying to POST that looks like { foo: [[:bar, 1], [:baz, 0]] }.
How do I permit that using strong parameters? The closest I can get is
params.permit(foo: [[]]) which returns {"foo"=>[]}
Maletor,
it seems to me that the strong parameters can't handle array of array.
I did read the code of it in github and it deals with Symbol, String and Hash.
For this case you'll have to handle with your own code.
Basically:
def permitted_params
result = params.require(:model).permit(:attributes).to_h # No array of arrays or hashes
result[:model][:array_of_arrays] = params[:model][:array_of_arrays]
result
end
One step further, say you have a Model#json and you want to store model.json[:array_of_arrays] = [[]]:
def permitted_params
result = params.require(:model).permit(:attributes).to_h # No array of arrays or hashes
result[:json] ||= {}
result[:json].merge!(array_of_arrays: params[:model][:json][:array_of_arrays])
result
end
Make sure you have permitted all your un-trusted params before you call to_h, and be careful what you merge in afterwards.