I'm trying to avoid conflicts with Rails reserved names in a Controller that's receiving JSON.
The code:
class TransactionsController < ApplicationController
#before_action :set_origin_transaction, only: [:show, :edit, :update, :destroy]
skip_before_action :verify_authenticity_token, :only => [:create]
def create
total = origin_transaction_params[:total]
outputs_value = origin_transaction_params[:origin_inputs_attributes][:output_value]
binding.pry
origin_inputs_addresses = origin_transaction_params[:origin_inputs_attributes][:addresses]
origin_outputs_value = origin_transaction_params[:origin_outputs_attributes][:output_value]
origin_outputs_addresses = origin_transaction_params[:origin_outputs_attributes][:addresses]
puts "total: " + total + "outputs_value: " + origin_outputs_value + "inputs_addresses: " + origin_inputs_addresses
puts "outputs_value: " + origin_outputs_value + "outputs_addresses: " + origin_outputs_addresses
end
# This is made to avoid using reserved names of ruby (transaction, inputs, outputs, etc), we change the keys
private
def origin_transaction_params
params.deep_transform_keys! { |key| key == "hash" ? "origin_hash" : ( key == "inputs" ? "origin_inputs_attributes" : ( key == "outputs" ? "origin_outputs_attributes" : ( key == "addresses" ? "btcaddresses" : key))) }
params.permit(
:block_height,
:block_index,
:origin_hash,
:total,
:fees,
:size,
:preference,
:relayed_by,
:received,
:ver,
:lock_time,
:double_spend,
:vin_sz,
:vout_sz, :confirmations,
:origin_inputs_attributes => [ :prev_hash, :output_index, :script, :output_value, :sequence, :btcaddresses, :script_type ],
:origin_outputs_attributes => [ :value, :script, :btcaddresses, :script_type ])
end
end
The error:
Processing by TransactionsController#create as */*
Parameters: {"block_height"=>-1, "block_index"=>-1, "hash"=>"4f14eb3517c92221892d7b86b4e691de404dddecbcc5d6d03148de8b1a6aceb8", "addresses"=>["12onkFjRFBdmgAMW5fapaGfo8E2PWxNRbb", "191JF8jDaCCADJsjrx171fd6PE6D9YtGoi", "1MGHXDQAA4mfBSLK4Dt3QDrAXNcXaaW7JY", "1PZCBuJC53HwjVhXb5B1rA4uFhrHrqrUUC"], "total"=>183092, "fees"=>33660, "size"=>372, "preference"=>"high", "relayed_by"=>"67.205.175.175:8333", "received"=>"2017-01-02T00:59:06.751Z", "ver"=>1, "lock_time"=>0, "double_spend"=>false, "vin_sz"=>2, "vout_sz"=>2, "confirmations"=>0, "inputs"=>[{"prev_hash"=>"dcb03a8c3dc38e28376b5b97479b06c383813c3fc5bcc66fb59c4967b85436c3", "output_index"=>1, "script"=>"47304402205c1cdd0cf3f789375a6dfc0c76eba142724edda2473b235547b7275f7dd0f1c4022046ec4f0be0726d848f6ccd1467b04023897e4575988115c0ac8dbaf569fe03da012102a6237f2117e38d566581452171cff013cfee6f69d5af84fab2214350882a81d9", "output_value"=>108376, "sequence"=>4294967295, "addresses"=>["12onkFjRFBdmgAMW5fapaGfo8E2PWxNRbb"], "script_type"=>"pay-to-pubkey-hash"}, {"prev_hash"=>"9609e8f8a18a11ce54f2b726df5cee24e4589a03feef9b121be5a2eb4ce27ce0", "output_index"=>1, "script"=>"47304402207a29300f3570b5d635b344e3fdc38b3906cb7712870a4a775b4a10cb000b0b6202207ffbd30d0ad0cafb1e93253b17ab302583816c8e17d9d15114c544a6614c9e3201210314fd8f972f8d3e840dfeee629dc5bdcb81c272334c6b23ff34ccd5cbc761fadd", "output_value"=>108376, "sequence"=>4294967295, "addresses"=>["1PZCBuJC53HwjVhXb5B1rA4uFhrHrqrUUC"], "script_type"=>"pay-to-pubkey-hash"}], "outputs"=>[{"value"=>82592, "script"=>"76a91457cf668b86c09b50e1fe89fac148ba321380d54588ac", "addresses"=>["191JF8jDaCCADJsjrx171fd6PE6D9YtGoi"], "script_type"=>"pay-to-pubkey-hash"}, {"value"=>100500, "script"=>"76a914de468bcbc3c1bf0e25dd9b626c60eac3a8d8d91488ac", "addresses"=>["1MGHXDQAA4mfBSLK4Dt3QDrAXNcXaaW7JY"], "script_type"=>"pay-to-pubkey-hash"}], "transaction"=>{"block_height"=>-1, "block_index"=>-1, "hash"=>"4f14eb3517c92221892d7b86b4e691de404dddecbcc5d6d03148de8b1a6aceb8", "addresses"=>["12onkFjRFBdmgAMW5fapaGfo8E2PWxNRbb", "191JF8jDaCCADJsjrx171fd6PE6D9YtGoi", "1MGHXDQAA4mfBSLK4Dt3QDrAXNcXaaW7JY", "1PZCBuJC53HwjVhXb5B1rA4uFhrHrqrUUC"], "total"=>183092, "fees"=>33660, "size"=>372, "preference"=>"high", "relayed_by"=>"67.205.175.175:8333", "received"=>"2017-01-02T00:59:06.751Z", "ver"=>1, "lock_time"=>0, "double_spend"=>false, "vin_sz"=>2, "vout_sz"=>2, "confirmations"=>0, "inputs"=>[{"prev_hash"=>"dcb03a8c3dc38e28376b5b97479b06c383813c3fc5bcc66fb59c4967b85436c3", "output_index"=>1, "script"=>"47304402205c1cdd0cf3f789375a6dfc0c76eba142724edda2473b235547b7275f7dd0f1c4022046ec4f0be0726d848f6ccd1467b04023897e4575988115c0ac8dbaf569fe03da012102a6237f2117e38d566581452171cff013cfee6f69d5af84fab2214350882a81d9", "output_value"=>108376, "sequence"=>4294967295, "addresses"=>["12onkFjRFBdmgAMW5fapaGfo8E2PWxNRbb"], "script_type"=>"pay-to-pubkey-hash"}, {"prev_hash"=>"9609e8f8a18a11ce54f2b726df5cee24e4589a03feef9b121be5a2eb4ce27ce0", "output_index"=>1, "script"=>"47304402207a29300f3570b5d635b344e3fdc38b3906cb7712870a4a775b4a10cb000b0b6202207ffbd30d0ad0cafb1e93253b17ab302583816c8e17d9d15114c544a6614c9e3201210314fd8f972f8d3e840dfeee629dc5bdcb81c272334c6b23ff34ccd5cbc761fadd", "output_value"=>108376, "sequence"=>4294967295, "addresses"=>["1PZCBuJC53HwjVhXb5B1rA4uFhrHrqrUUC"], "script_type"=>"pay-to-pubkey-hash"}], "outputs"=>[{"value"=>82592, "script"=>"76a91457cf668b86c09b50e1fe89fac148ba321380d54588ac", "addresses"=>["191JF8jDaCCADJsjrx171fd6PE6D9YtGoi"], "script_type"=>"pay-to-pubkey-hash"}, {"value"=>100500, "script"=>"76a914de468bcbc3c1bf0e25dd9b626c60eac3a8d8d91488ac", "addresses"=>["1MGHXDQAA4mfBSLK4Dt3QDrAXNcXaaW7JY"], "script_type"=>"pay-to-pubkey-hash"}]}}
DEPRECATION WARNING: Method deep_transform_keys! is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.1/classes/ActionController/Parameters.html (called from origin_transaction_params at /var/www/html/hubble/app/controllers/transactions_controller.rb:23)
Unpermitted parameter: btcaddresses
Unpermitted parameter: btcaddresses
Unpermitted parameter: btcaddresses
Unpermitted parameter: btcaddresses
Unpermitted parameters: btcaddresses, transaction
DEPRECATION WARNING: Method deep_transform_keys! is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.1/classes/ActionController/Parameters.html (called from origin_transaction_params at /var/www/html/hubble/app/controllers/transactions_controller.rb:23)
Unpermitted parameter: btcaddresses
Unpermitted parameter: btcaddresses
Unpermitted parameter: btcaddresses
Unpermitted parameter: btcaddresses
Unpermitted parameters: btcaddresses, transaction
Completed 500 Internal Server Error in 13ms (ActiveRecord: 0.0ms)
TypeError (no implicit conversion of Symbol into Integer):
app/controllers/transactions_controller.rb:9:in `[]'
I would also like to stop using the deprecated method.
UPDATE
As suggested by #Glyoko removed a lot of wrong things:
class TransactionsController < ApplicationController
skip_before_action :verify_authenticity_token, :only => [:create]
def create
total = transaction_params[:total]
binding.pry #debugging
render status: :created
end
private
def transaction_params
params.permit(
:block_height, :block_index, :hash,
:addresses[], #### LINE 15 ERROR
:total, :fees, :size, :preference, :relayed_by, :received,
:ver, :lock_time, :double_spend, :vin_sz, :vout_sz, :confirmations,
:inputs => [ :prev_hash, :output_index, :script, :output_value, :sequence, :addresses[], :script_type],
:outputs => [ :value, :script, :addresses [], :script_type ])
end
end
ERROR:
Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)
ArgumentError (wrong number of arguments (given 0, expected 1..2)):
app/controllers/transactions_controller.rb:15:in []'
app/controllers/transactions_controller.rb:15:intransaction_params'
app/controllers/transactions_controller.rb:6:in `create'
Notice that addresses might have 1 or several addresses
I don't think there's any problem here relating to reserved keywords, though I see at least 4 things going wrong:
1) The TypeError on line 9,
2) The deprecation warning,
3) The unpermitted parameter warning, and
4) The 500 error,
The tl;dr is that the params.deep_transform_keys! is doing some serious dark magic for all the wrong reasons, and you should probably delete that line and rethink your approach. That deep_transform_keys! is definitely the reason for (2) and (3), and is possibly the reason for (1). More detailed answers, in the order I listed them:
1) The TypeError on line 9 comes from origin_transaction_params[:origin_inputs_attributes][:output_value]. origin_transaction_params[:origin_inputs_attributes] is returning some sort of non-hash object, which means you're calling something_thats_not_a_hash[:output_value], which produces the TypeError. You could add protection for this in your controller, but this probably reflects a deeper problem with your data structure. (What's the JSON payload look like?)
2) As of Rails 4, params is now an instance of ActionController::Parameters. params will look and act like a hash, but it is not really a hash proper under the hood. This means that not all hash methods will work on it. In this case, deep_transform_keys! happens to work for now, but as the warning says, its implementation will change as of Rails 5.1 and deep_transform_keys! will no longer work on it. There's no way to get rid of this warning without getting rid of the call to deep_transform_keys!.
In fact, the proper use case of strong params is to call permit only on key names that are part of the expected payload. That is, only call permit on key names that are part of the unaltered JSON payload. This probably means you should in fact get rid of the deep_transform_keys!, as using it to alter the params hash is improper usage.
In any case, "transaction", "inputs", and "outputs" are NOT reserved keywords in ruby, and even if they were, that wouldn't stop them from being keys in a hash as long as they're quoted.
3) The deep_transform_keys! line is creating a root level key called "btcaddresses". It's not just inside origin_inputs_attributes/origin_outputs_attributes, so it needs to be permitted at the root. Again, this is only needed if you keep the deep_transform_keys! line. You really probably want to get rid of it.
4) The 500 error is coming from (1), so this would be solved once that's fixed, although you may still encounter 500's if your views aren't setup properly. If this happens, try adding something like
render status: :created
to the end of the create method, and make sure you have a create template in your view/ directory.
everyone
Code is now working, it just still saying "Unpermitted parameter: transaction", but it's printing what I needed. I searched the JSON and there's not a single word named transaction, and same thing within the code:
class TransactionsController < ApplicationController
skip_before_action :verify_authenticity_token, :only => [:create]
def create
amount = btcTx_params[:total]
btcAddresses = btcTx_params[:outputs][0][:addresses]
confirmations = btcTx_params[:confirmations]
double_spend = btcTx_params[:double_spend]
puts "Bitcoin Addresses = #{btcAddresses}"
puts "Amount = #{amount}"
puts "Confirmations = #{confirmations}"
puts "Is double spend? = #{double_spend}"
#binding.pry #debugging
render status: :created
end
private
def btcTx_params
params.permit(
:block_height, :block_index, :hash,
:total, :fees, :size, :preference, :relayed_by, :received,
:ver, :lock_time, :double_spend, :vin_sz, :vout_sz, :confirmations,
:inputs => [ :prev_hash, :output_index, :script, :output_value, :sequence, :script_type, :addresses => [] ],
:outputs => [ :value, :script, :script_type, :addresses => [] ],
:addresses => [])
end
end
Output:
Parameters:
{
"block_height":-1,
"block_index":-1,
"hash":"4f14eb3517c92221892d7b86b4e691de404dddecbcc5d6d03148de8b1a6aceb8",
"addresses":[
"12onkFjRFBdmgAMW5fapaGfo8E2PWxNRbb",
"191JF8jDaCCADJsjrx171fd6PE6D9YtGoi",
"1MGHXDQAA4mfBSLK4Dt3QDrAXNcXaaW7JY",
"1PZCBuJC53HwjVhXb5B1rA4uFhrHrqrUUC"
],
"total":183092,
"fees":33660,
"size":372,
"preference":"high",
"relayed_by":"67.205.175.175:8333",
"received":"2017-01-02T00:59:06.751Z",
"ver":1,
"lock_time":0,
"double_spend":false,
"vin_sz":2,
"vout_sz":2,
"confirmations":0,
"inputs":[
{
"prev_hash":"dcb03a8c3dc38e28376b5b97479b06c383813c3fc5bcc66fb59c4967b85436c3",
"output_index":1,
"script":"47304402205c1cdd0cf3f789375a6dfc0c76eba142724edda2473b235547b7275f7dd0f1c4022046ec4f0be0726d848f6ccd1467b04023897e4575988115c0ac8dbaf569fe03da012102a6237f2117e38d566581452171cff013cfee6f69d5af84fab2214350882a81d9",
"output_value":108376,
"sequence":4294967295,
"addresses":[
"12onkFjRFBdmgAMW5fapaGfo8E2PWxNRbb"
],
"script_type":"pay-to-pubkey-hash"
},
{
"prev_hash":"9609e8f8a18a11ce54f2b726df5cee24e4589a03feef9b121be5a2eb4ce27ce0",
"output_index":1,
"script":"47304402207a29300f3570b5d635b344e3fdc38b3906cb7712870a4a775b4a10cb000b0b6202207ffbd30d0ad0cafb1e93253b17ab302583816c8e17d9d15114c544a6614c9e3201210314fd8f972f8d3e840dfeee629dc5bdcb81c272334c6b23ff34ccd5cbc761fadd",
"output_value":108376,
"sequence":4294967295,
"addresses":[
"1PZCBuJC53HwjVhXb5B1rA4uFhrHrqrUUC"
],
"script_type":"pay-to-pubkey-hash"
}
],
"outputs":[
{
"value":82592,
"script":"76a91457cf668b86c09b50e1fe89fac148ba321380d54588ac",
"addresses":[
"191JF8jDaCCADJsjrx171fd6PE6D9YtGoi"
],
"script_type":"pay-to-pubkey-hash"
},
{
"value":100500,
"script":"76a914de468bcbc3c1bf0e25dd9b626c60eac3a8d8d91488ac",
"addresses":[
"1MGHXDQAA4mfBSLK4Dt3QDrAXNcXaaW7JY"
],
"script_type":"pay-to-pubkey-hash"
}
]
}
Unpermitted parameter: transaction
Unpermitted parameter: transaction
Unpermitted parameter: transaction
Unpermitted parameter: transaction
PUTS
Bitcoin Addresses = ["191JF8jDaCCADJsjrx171fd6PE6D9YtGoi"]
Amount = 183092
Confirmations = 0
Is double spend? = false
Rendering transactions/create.html.erb within layouts/application
Rendered transactions/create.html.erb within layouts/application (0.6ms)
Completed 201 Created in 41ms (Views: 28.5ms | ActiveRecord: 0.0ms)
But that was hell out of an improvement.
Thanks a lot, guys
Aaaaaand...it's done!
class TransactionsController < ApplicationController
skip_before_action :verify_authenticity_token, :only => [:create]
def create
amount = btcTx_params[:total]
btcAddresses = btcTx_params[:outputs][0][:addresses]
confirmations = btcTx_params[:confirmations]
double_spend = btcTx_params[:double_spend]
puts "Bitcoin Addresses = #{btcAddresses}"
puts "Amount = #{amount}"
puts "Confirmations = #{confirmations}"
puts "Is double spend? = #{double_spend}"
#binding.pry
#binding.pry #debugging
render status: :created
end
private
def btcTx_params
params.require(:transaction).permit(
:block_height, :block_index, :hash,
:total, :fees, :size, :preference, :relayed_by, :received,
:ver, :lock_time, :double_spend, :vin_sz, :vout_sz, :confirmations,
:inputs => [ :prev_hash, :output_index, :script, :output_value, :sequence, :script_type, :addresses => [] ],
:outputs => [ :value, :script, :script_type, :addresses => [] ],
:addresses => [])
end
end
It needed params.require(:transaction). Now the unpermitted parametter: transaction error is gone =) thanks a lot for your help
Related
I'm new to Rails and have started building my first api; I'm attempting to send an array of strings down as one of the parameters in my api request, like this:
{
"name": "doot doot",
"plans": "",
"sketches": "",
"images": ["foo.png", "bar.png"]
}
Originally, images was a string but I ran a migration to alter it to allow for an array of strings instead, like this:
change_column :projects, :images, "varchar[] USING (string_to_array(images, ','))"
In the controller I've defined the create function as:
def create
project = Project.create(project_params)
render json: project
end
def project_params
params.require(:project).permit(:name, :plans, :sketches, :images)
end
but I still get the following error:
Unpermitted parameter: :images. Context: { controller: ProjectsController, action: create, request: #<ActionDispatch::Request:0x00007fb6f4e50e90>, params: {"name"=>"Simple Box", "plans"=>"", "sketches"=>"", "images"=>["foo.png", "bar.png"], "controller"=>"projects", "action"=>"create", "project"=>{"name"=>"Simple Box", "plans"=>"", "sketches"=>"", "images"=>["foo.png", "bar.png"]}} }
I consulted this question here but the solutions didn't work; any suggestions?
You need to specify that images is an array.
params.require(:project).permit(:name, :plans, :sketches, images: [])
See Permitted Scalar Values in the Rails Guides.
I am trying to create multiple "Absence"s by posting:
Parameters: {"absences"=>[{"user_id"=>1, "lesson_id"=>25,
"excused"=>true}, {"user_id"=>2, "lesson_id"=>25, "excused"=>true}]}
However, I am not able to whitelist this format in the controller. I attempted to follow the solution from "How to use strong parameters with an objects array in Rails".
In my case:
def absence_params
params.permit(absences: [:user_id, :lesson_id, :excused])
end
I get
ActiveModel::UnknownAttributeError (unknown attribute 'absences' for Absence.):
Then I tried:
Parameters: {"absence"=>[{"user_id"=>1, "lesson_id"=>25,
"excused"=>true}, {"user_id"=>2, "lesson_id"=>25, "excused"=>true}]}
def absence_params
params.permit(:absence, array: [:user_id, :lesson_id, :excused])
end
and got:
Unpermitted parameters: :absence, :format
---- Resolved ----
The gem 'cancancan' was not allowing me to create using an array.
If you have an issue permitting an array in the strong params, try
params.require(:absences).map do |p|
p.permit(:user_id, :lesson_id, :excused)
end
Your parameters permit code is correct:
require "bundler/inline"
gemfile(ENV['INSTALL'] == '1') do
source "https://rubygems.org"
gem "actionpack", "6.0.2.2"
gem "activesupport", "6.0.2.2"
end
require "active_support/core_ext"
require "action_controller/metal/strong_parameters"
require "minitest/autorun"
class BugTest < Minitest::Test
def test_stuff
params = ActionController::Parameters.new({
"absences"=>[
{"user_id"=>1, "unpermitted_param" => 123, "lesson_id"=>25, "excused"=>true},
{"user_id"=>2, "lesson_id"=>25, "excused"=>true}
]
})
assert_equal(
{
"absences"=>[
{"user_id"=>1, "lesson_id"=>25, "excused"=>true},
{"user_id"=>2, "lesson_id"=>25, "excused"=>true}
]
},
params.permit(absences: [:user_id, :lesson_id, :excused]).to_h
)
end
end
The error comes from some other place, most likely you're trying to do something like Absence.create(absence_params), which will only work for single records.
To create an array at once you should adjust other relevant code accordingly, for example:
Manually handle the array like:
#absenses = params["absences"].map do |raw_absense_params|
Absense.create!(raw_absense_params.permit(:user_id, :lesson_id, :excused))
end
Employ accepts_nested_attrubutes_for :absenses for the parent model if you have any (probably Lesson). The code for this will be cleaner, as Rails will handle most things for you, like cases when not all instances can be saved because of validation, etc.
I have searched everywhere but does anyone know if it is possible to permit and array of arrays using strong parameters in rails? My code looks like this:
params.require(:resource).permit(:foo, :bar => [[:baz, :bend]])
This is giving me:
ArgumentError (wrong number of arguments (0 for 1..2))
I have also tried:
params.require(:resource).permit(:foo, :bar => [[]])
params.require(:resource).permit(:foo, :bar => [][])
params.require(:resource).permit(:foo, :bar => [])
But these all give me invalid parameter errors or do not process the parameters.
Thanks in advance for any help
Looking at the code I think this is not possible. you have to flatten the second level.
def permit(*filters)
params = self.class.new
filters.each do |filter|
case filter
when Symbol, String
permitted_scalar_filter(params, filter)
when Hash then
hash_filter(params, filter)
end
end
unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters
params.permit!
end
Here's an example taken from rails strong parameter Github page:
params.permit(:name, {:emails => []}, :friends => [ :name, { :family => [ :name ], :hobbies => [] }])
I recently performed a migration turning a string column into a Postgres array. The migration was as follows:
def change
change_column :projects, :layout_slug, "varchar[] USING (string_to_array(layout_slug, ','))"
end
Now, I'm running into an issue with Unpermitted parameters: layout_slug. I've tried all of the accepted answers for the other StackOverflow questions and they're still not working for me. Here are all of the variations I've tried so far:
def project_params
params.require(:project).permit(:image_slug, { layout_slug: [] }, :category, ..., :selection => [:inputs => Project::ALLOWED_INPUTS.keys])
end
def project_params
params.require(:project).permit(:image_slug, { :layout_slug => [] }, :category, ..., :selection => [:inputs => Project::ALLOWED_INPUTS.keys])
end
I then tried removing the brackets around :layout_slug => [] and I got an error:
SyntaxError (/.../app/controllers/api/v1/projects_controller.rb:62: syntax error, unexpected ',', expecting =>
... :layout_slug => [], :category, :subcategory, :version, :ema...
... ^
/.../app/controllers/api/v1/projects_controller.rb:62: syntax error, unexpected ')', expecting keyword_end
/.../app/controllers/api/v1/projects_controller.rb:165: syntax error, unexpected end-of-input, expecting keyword_end):
# THIS ONE THROWS A SYNTAX ERROR
def project_params
params.require(:project).permit(:image_slug, :layout_slug => [], :category, :subcategory, :version, :email, :zip_code, :selection => [:inputs => Project::ALLOWED_INPUTS.keys])
end
So then I moved layout_slug to the end, and it went back to throwing the Unpermitted parameters: layout_slug error again.
# This throws the same Unpermitted parameters error as before
def project_params
params.require(:project).permit(:image_slug, ..., :selection => [:inputs => Project::ALLOWED_INPUTS.keys], :layout_slug => [])
end
I've double- and triple-checked the spelling, and I've verified that the front-end is submitting an Array.
What am I missing?? Was there something wrong with my migration? Or is there something blatantly wrong with my permit method?
I've tested your sample code and it seems to be fine:
raw_parameters = { :image_slug => "some_slug", :category => "A", :layout_slug => ["a", "b"] }
parameters = ActionController::Parameters.new(raw_parameters)
parameters.permit(:image_slug, :category, :layout_slug => [])
# {"image_slug"=>"some_slug", "category"=>"A", "layout_slug"=>["a", "b"]}
Check your params :layout_slug format, perhaps that's the case
I have the following dynamic params depending on the line items i am trying to add to an order
{"line_item" => {"items"=>{"0"=>{"price"=>"5.75", "name"=>"Item name", "quantity"=>"5"}, "1"=>{"price"=>"3.35", "name"=>"Item name", "quantity"=>"1"}}}
In my controller:
def lineitems_params
params.require(:line_item).permit(:key1, :key2, :key3, :key4, :payment_type, :payment_provider).tap do |whitelisted|
whitelisted[:items] = params[:line_item][:items]
end
end
I still get the
Unpermitted parameters: items
in my logs, and it does not update the items.
How can i solve this?
NOTE: the items hash can have many elements inside.
EDIT:
In my model:
serialize :items, Hash
This should work
def lineitems_params
params.require(:line_item).permit(:key1, :key2, :key3, :key4, :payment_type, :payment_provider, {:items => {:price, :name, :quantity}})
end
Update
may be you should just give like this
def lineitems_params
params.require(:line_item).tap do |whitelisted|
whitelisted[:items] = params[:line_item][:items]
end
end
Source
Note: Don't give params.require(:line_items).permit! it permits all attributes.