0

as i know from the doc that in ActionController::Parameters, when you update a key with the operator []= and then use the permit method on the params, the key gets filtered even when we permit the key.

Is there any alternative way to update the key value to prevent this from happening? I need to do some checks and update that key but the permit method always filters out that key if I update it with []= method and value of that key becomes nil after updating.

an api temp_api in rails (with a key named foo coming from the api call with value "[null,\"hello\"]")

def temp_api
    #preprocessing the key
    if !params[:foo].nil?
        foo = JSON.parse (params[:foo])
        params[:foo] = foo - [nil,'']
    end
    p params[:foo] # correctly prints the new updated value
    permitted_params = params.permit(:id,:foo)
    p permitted_params[:foo] #this is printed nil (i want this to not get filtered)
    # the foo column even shows as un permitted parameter in the server logs
    p permitted_params[:id] #this is printed correctly if coming from the call
end

I basically want the foo column to not get filtered out if its updated

References i used already: https://api.rubyonrails.org/v6.1.0/classes/ActionController/Parameters.html#method-i-5B-5D-3D

Holger Just
  • 52,918
  • 14
  • 115
  • 123
erenjeager
  • 1
  • 1
  • 1
    It might be related to the fact that the value you're setting for `foo` is a hash or array. You can check out how to permit nested objects here: https://stackoverflow.com/questions/18436741/rails-strong-parameters-nested-objects – ldeld Jun 19 '23 at 14:05
  • Can you give some fake example data for your params? And @Ideld is right, it has to do with trying to permit a hash object when ActionControllerParameter is expecting a string. Why are you running `permit` after already receiving the input and then modifying it anyway? – Beartech Jun 19 '23 at 16:20
  • @Beartech fake example params={id: 12345,foo: "[null,\"hello\"]"}.also the reason i am running permit after is that there multiple permits for different cases in different methods in my original code so i have to do this commonly.also just out curiosity. – erenjeager Jun 20 '23 at 04:56
  • @ldeld thanks that helped a little.ig i need to change every permit to make it work lol.not feasible tho. – erenjeager Jun 20 '23 at 05:00
  • There are ways to use permit with a hash where the content type is unknown ahead of time (i.e. nested hashes). If you search some of the examples of strict params from when it was first introduced into Rails you'll see some code that might work. But I think you are on the wrong track if it's that much of a problem. Even with your example data it's not clear WHY you are doing this. If you are worried about the contents of what you are passing to `JSON.parse()` why not create a custom validator of some sort? – Beartech Jun 21 '23 at 01:20
  • The purpose of strict param checking is to ensure that only the params you want get passed to the server, and that they are the scalar values you defined in the controller. Once you accept the original params with `permit()` you can change them how YOU want and just save them. No need to re-check them with `permit()` – Beartech Jun 21 '23 at 01:22

0 Answers0