1

In a Rails 5.1 app, from my view, I send the following to my controller

"area"=>{"name"=>"name", "project_id"=>"123", "owners"=>{"step2"=>["345", "678"], "step3"=>["123"]}}

How can I, with Strong Parameters, allow the entire content of owners to get through?

I have tried what suggested in Rails 4 - Strong Parameters - Nested Objects but nothing seems to work.

params.require(:area).permit(:name, :project_id, :owners)
params.require(:area).permit(:name, :project_id, owners: [])
params.require(:area).permit(:name, :project_id, owners: []).tap do |whitelisted|
 whitelisted[:owners] = params[:application_area][:owners]
end #=> ActionController::UnfilteredParameters - unable to convert unpermitted parameters to hash:

The content of the owners hash may change from request to request; i.e. the next time I can send

"area"=>{"name"=>"name", "project_id"=>"123", "owners"=>{"color"=>["345", "678"], "shape"=>["123"]}}

Sig
  • 5,476
  • 10
  • 49
  • 89

1 Answers1

2

you have to white list all the possible values for owners

params.require(:area).permit(:name, :project_id, owners: [step2: [], color: [], step2: [], step3: []])

ok have you tried this for dynamic content with rails 5 ?

params.require(:area).permit(:name, :project_id, :owners => {})

Shani
  • 2,433
  • 2
  • 19
  • 23
  • I think you meant to list `:shape` instead of `:step2` twice. – moveson Feb 02 '18 at 04:51
  • Those values are dynamic, I mean they are defined as instances of another model. Therefore, I do not know all the possible value. Thanks – Sig Feb 02 '18 at 04:56
  • `params.require(:area).permit(:name, :project_id, :owners => {})` seems to be to teh reasonable option since `owners` is a hash and indeed it works. Thanks – Sig Feb 05 '18 at 00:06