Strong Parameters requires whitelisting of Action Controller parameters by default. In Ruby on Rails this means the developer will have to make a choice about which Active Model attributes are eligible for mass assignment. Strong parameters have been included in Rails 4 by default.
Questions tagged [strong-parameters]
956 questions
301
votes
6 answers
how to permit an array with strong parameters
I have a functioning Rails 3 app that uses has_many :through associations which is not, as I remake it as a Rails 4 app, letting me save ids from the associated model in the Rails 4 version.
These are the three relevant models are the same for the…
Leahcim
- 40,649
- 59
- 195
- 334
161
votes
4 answers
Rails - Strong Parameters - Nested Objects
I've got a pretty simple question. But haven't found a solution so far.
So here's the JSON string I send to the server:
{
"name" : "abc",
"groundtruth" : {
"type" : "Point",
"coordinates" : [ 2.4, 6 ]
}
}
Using the new permit method,…
Benjamin M
- 23,599
- 32
- 121
- 201
75
votes
4 answers
Rails 4 Strong parameters : permit all attributes?
I'm building a web app with Rails 4 strong parameters.
When building the admin back office controllers, I wonder what is the best way to permit all the model attributes?
For now, I wrote this:
def user_params
…
Nicolas Blanco
- 11,164
- 7
- 38
- 49
70
votes
4 answers
Rails 4: Insert Attribute Into Params
In Rails 3, it was possible to insert an attribute into params like so:
params[:post][:user_id] = current_user.id
I'm attempting to do something similar in Rails 4, but having no luck:
post_params[:user_id] = current_user.id
. . . .
private
…
nullnullnull
- 8,039
- 12
- 55
- 107
62
votes
6 answers
Rails 4 Unpermitted Parameters for Array
I have an array field in my model and I'm attempting to update it.
My strong parameter method is below
def post_params
params["post"]["categories"] = params["post"]["categories"].split(",")
params.require(:post).permit(:name, :email,…
thank_you
- 11,001
- 19
- 101
- 185
60
votes
4 answers
How to specify devise_parameter_sanitizer for edit action?
I've added Devise to my Rails 4 application, and successfully added username etc. to my User model. Furthermore, I'm able to store those fields using the lazy way™, i.e.
class ApplicationController < ActionController::Base
before_filter…
conciliator
- 6,078
- 6
- 41
- 66
58
votes
13 answers
Rails4: How to permit a hash with dynamic keys in params?
I make a http put request with following parameters:
{"post"=>{"files"=>{"file1"=>"file_content_1",
"file2"=>"file_content_2"}}, "id"=>"4"}
and i need to permit hash array in my code.
based on manuals I've tried like these:
>…
rdo
- 3,872
- 6
- 34
- 51
57
votes
3 answers
Strong parameters with Rails and Devise
I am using the rails 4.0 branch of devise along with ruby 2.0.0p0 and Rails 4.0.0.beta1.
This is the kind of question where I am checking if I'm doing it the right way, or if there are other things I should be doing. I'm sure a lot of people moving…
user1202888
- 1,043
- 2
- 11
- 19
45
votes
5 answers
Rails - Strong parameters with empty arrays
I'm sending an array of association ids, say foo_ids to my controller. To permit an array of values, I use:
params.permit(foo_ids: [])
Now, the problem is that if I send an empty array of foo_ids, the parameter is ignored. Instead of clearing all…
Rahul Sekhar
- 2,761
- 5
- 23
- 27
44
votes
5 answers
Forbidden Attributes Error in Rails 4 when encountering a situation where one would have used attr_accessible in earlier versions of Rails
With the recent upgrade to Rails 4, updating attributes using code resembling the below does not work, I get a ActiveModel::ForbiddenAttributes error:
@user.update_attributes(params[:user], :as => :admin)
Where User has the following…
Ecnalyr
- 5,792
- 5
- 43
- 89
42
votes
6 answers
How to get ActiveAdmin to work with Strong Parameters?
Update: this question was asked before there was a solution for it already in ActiveAdmin. As Joseph states, the ActiveAdmin documentation now contains this information, but the answers here are provided for those working with older versions of…
Gary S. Weaver
- 7,966
- 4
- 37
- 61
40
votes
4 answers
Devise and Strong Parameters
I would like to know how to integrate both of this gems(devise + Strong Parameters), since strong params will likely be added to the rails core in 4.0
any help is welcome
thanks
Rodrigo Zurek
- 4,555
- 7
- 33
- 45
36
votes
6 answers
strong parameters permit all attributes for nested attributes
Is there a way in strong parameters to permit all attributes of a nested_attributes model? Here is a sample code.
class Lever < ActiveRecord::Base
has_one :lever_benefit
accepts_nested_attributes_for :lever_benefit
end
class LeverBenefit <…
AnkitG
- 6,438
- 7
- 44
- 72
36
votes
1 answer
Rails -- how to populate parent object id using nested attributes for child object and strong parameters?
I've got a situation much like is presented in Railscast 196-197: Nested Model Form. However, I've encountered a conflict between this approach and strong parameters. I can't figure out a good way to populate the parent record id field on the…
Nathan Wallace
- 2,154
- 4
- 23
- 28
35
votes
3 answers
How to use Rails 4 strong parameters with has_many :through association?
I'm having trouble getting a has_many :through association working with Rails 4's strong parameters. I have a model called Checkout and I need to select a person from the Employee model in the new checkout form. Checkouts and Employees are…
Lee McAlilly
- 9,084
- 12
- 60
- 94