62

I have an array field in my model and I'm attempting to update it.

My strong parameter method is below

def post_params
  params["post"]["categories"] = params["post"]["categories"].split(",")

  params.require(:post).permit(:name, :email, :categories)
end

My action in my controller is as follows

def update
  post = Post.find(params[:id]

  if post and post.update_attributes(post_params)
    redirect_to root_url
  else
    redirect_to posts_url
  end
end

However, whenever I submit the update the post, in my development log I see

Unpermitted parameters: categories

The parameters passed through is

  Parameters: {"utf8"=>"✓", "authenticity_token"=>"auth token", "id"=>"10", 

"post"=>{"name"=>"Toni Mitchell", "email"=>"eileen_hansen@hayetokes.info", "categories"=>",2"}}

I want to think it has something to do with the fact that the attribute categories is an array since everything else looks fine. Then again, I could be wrong. So, what's wrong with my code and why is not letting me save the categories field when clearly it is permitted to do so? Thanks.

thank_you
  • 11,001
  • 19
  • 101
  • 185
  • It might be due to the way you are setting the value of the categories parameter, iirc the params object is not a simple hash, have you tried a simpler example? – Slicedpan Jul 25 '13 at 21:35

6 Answers6

151

Try this 

params.require(:post).permit(:name, :email, :categories => [])

(Disregard my comment, I don't think that matters)

Slicedpan
  • 4,995
  • 2
  • 18
  • 33
45

in rails 4, that would be, 

params.require(:post).permit(:name, :email, {:categories => []})
Imtiaz Emu
  • 479
  • 4
  • 5
  • 6
    This works for me but why does it need to be in a separate hash if we already defined the serialization of that attribute in the model? – barnett Jun 05 '14 at 01:03
10

The permitted scalar types are String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile and Rack::Test::UploadedFile.

To declare that the value in params must be an array of permitted scalar values map the key to an empty array:

params.permit(:id => [])

This is what the strong parameters documentation on Github says:

params.require(:post).permit(:name, :email, :categories => [])

I hope this works out for you.

jvperrin
  • 3,368
  • 1
  • 23
  • 33
Mohammad Abu Musa
  • 1,117
  • 2
  • 10
  • 32
3

I had the same problem, but simply adding array to permit was not enough. I had to add type, too. This way:

params.require(:transaction).permit(:name, :tag_ids => [:id])

I am not sure if this is perfect solution, but after that, the 'Unpermitted parameters' log disappeared.

I found hint for that solution from this excellent post: http://patshaughnessy.net/2014/6/16/a-rule-of-thumb-for-strong-parameters

Heikki Hannula
  • 101
  • 7
2

If there are multiple items and item_array inside parameters like this-

Parameters {"item_1"=>"value 1", "item_2"=> {"key_1"=> "value A1", 
"key_2"=>["val B2", "val C3"]} }

There we have array inside item_2.
That can be permit as below-

params.permit(item_2: [:key_1, :key_2 => [] ])

Above saved my day, may be helpful for you too.

S.Yadav
  • 4,273
  • 3
  • 37
  • 44
1

I had the same problem but in my case I had also to change from:

<input type="checkbox" name="photographer[attending]" value="Baku">

to:

<input type="checkbox" name="photographer[attending][]" value="Baku">

Hope this is helping someone.

Carlo S
  • 953
  • 1
  • 9
  • 14