Strong Parameters Require Multiple

Strong parameters require multiple

I had a similar need and what I did was

def point_code_params
  params.require(:point_code).require(:guid) # for check require params
  params.require(:point_code).permit(:guid) # for using where hash needed
end

Example:

def create
  @point_code = PointCode.new(point_code_params)
end

Is it possible to require multiple strong params in Rails?

Strong Parameters are used for mass assignment. What does mass assignment means is that when you submit a form multiple values are submitted i.e., multiple attributes of a model so you add them in the params.require(:post).permit. You are seeing the word permit which means this attributes are permitted to be mass assigned. Now suppose you are writing this in controller:

def post_params
  params.require(:post).permit(:title, :text, :slug)
end

and in your params suppose you have:

{"post"=>{"title"=>'Test',"text"=>"Text test","slug"=>"any random name","type"=>"article"}}

Now if you do:

@post = Post.new(post_params)
@post.save

It will give you unpermitted parameters :type because you have not whitelisted the type parameter. This is given for security reasons so that you only allow attributes that needs to be updated by user from the view are permitted. And the strong parameters are introduced from rails 4 onwards.

Now the thing you need to require these parameters that the user fills them so this needs to be done in the model like this:

class Post < ActiveRecord::Base
  validates_presence_of :title, :text, :slug
end

This is a validation which will make the users enter the title, text and slug necessarily. There are more type of validations and some custom validations too which can be written according to the needs.

More Info:

Strong Parameters

Validations

Hope this helps

Multiple require & permit strong parameters rails 4

Ok found the answer through a friend ...one way to do this is 

params.require(:email_address)
params.require(:password)
params.permit(
:email_address,
:password,
:remember_me
)

Works good.

Rails 4 Require and Permit Multiple

To the best of my knowledge, I think the way to go is, that you only permit parameters in your controller, and then you perform attribute-validation in your model instead of directly in the controller on the parameters.

Strong parameters are only there to secure, that some ill-intended person does not hack your user-form and insert something like "role=admin".

As far as I know, the strong parameters functionality is not designed with the intend of actually requiring certain parameters to be present other than the single key containing the hash of attributes (like the model-key called user or likewise).

You can do validation in your model like this:

class User < ActiveRecord::Base
  validates :email, :first_name, :last_name, presence: true
end

If you use something like simple_form, then the errors will even automatically be shown.

There is a guy here, that suggest multiple requires before the actual permitting. My personal opinion is that it is very ugly.

Strong parameters require multiple

def user_params
  params.require(:user).require(:first_name)
  params.require(:user).require(:last_name)
  params.require(:user).permit(:first_name, :last_name)
end

Rails strong params for creating multiple objects from one form

I think that I need a bit more info here. When I create more than 1 record at a time its usually a chield of another object and mine looks like this 

# Never trust parameters from the scary internet, only allow the white list through.
def family_params
  params.require(:family).permit(:name, users_attributes: [ :name, :email ])
end

I hope that this helps.

Happy Hacking :)

Nested params with Strong Parameters

you have to white list all the possible values for owners

params.require(:area).permit(:name, :project_id, owners: [step2: [], color: [], step2: [], step3: []])

ok have you tried this for dynamic content with rails 5 ?

params.require(:area).permit(:name, :project_id, :owners => {})

Understand the require of strong parameters - Rails

The params is a hash object of parameters you have sent with request(text message) to webserver using probably HTML form and web browser. This request message is parsed to a ruby Hash by rack(Rails is an http://rack.github.io/ app).
The rails app takes this http://www.rubydoc.info/gems/rack/Rack/Request req.params and routes it to handle by proper controller based on request path. Routing is specified in config/routes.rb file.

Your params are params that you send to rails web app, parsed and turned into code structure named http://apidock.com/rails/ActionController/Parameters
You can easily inspect it by putting some binding.pry https://github.com/pry/pry in the controller and inspecting class of this structure. Then you simply hit apidock for answers( There are also dynamic ways of displaying source code from console).

But to answer your question...

Strong parameters are a kind of schema(data structure) specification/validation.

So params.require(:filters).permit(:tags) basically means that it expects a Hash that will look like this: {filters: {tags: []}. If you don't give something that's required then an error is raised. If you give something that's isn't permitted it's ignored.

Strong params are there to allow easy mass assignment but with filtering/whitelisting. Otherwise someone could for example put hash: {user: {is_admin: true, id: 123}}. Instead you can just allow for modification of name and address only for example. More info: http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters

Other viable ruby library to do such validations is http://dry-rb.org/gems/dry-validation/

BTW you can see how it works here:
http://apidock.com/rails/ActionController/Parameters/require

    def require(key)
      value = self[key]
      if value.present? || value == false
        value
      else
        raise ParameterMissing.new(key)
      end
    end

http://apidock.com/rails/ActionController/Parameters/permit

    def permit(*filters)
      params = self.class.new

      filters.flatten.each do |filter|
        case filter
        when Symbol, String
          permitted_scalar_filter(params, filter)
        when Hash then
          hash_filter(params, filter)
        end
      end

      unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters

      params.permit!
    end

and as you can see in this case it's permitted_scalar_filter:
http://apidock.com/rails/ActionController/Parameters/permitted_scalar_filter

 def permitted_scalar_filter(params, key)
    if has_key?(key) && permitted_scalar?(self[key])
      params[key] = self[key]
    end

    keys.grep(/\A#{Regexp.escape(key)}\(\d+[if]?\)\z/) do |k|
      if permitted_scalar?(self[k])
        params[k] = self[k]
      end
    end
  end

I hope that armed with this knowledge you can solve your issue ;)


Related Topics

How to View a Sample of the Call Stack in Ruby

Ruby on Rails: How to Check If a File Is an Image

Rails Implementation of Search with Autocomplete

How to Find a Model's Relationships

Sinatra - Response.Set_Cookie Doesn't Work

How to Split String into Only Two Parts with a Given Character in Ruby

Ruby: How to Generate CSV Files That Has Excel-Friendly Encoding

Ruby - Parsing a Text File

Rspec and Shoulda - Complementary or Alternatives

Why Treat 0 as True in Ruby

Rspec Stubbing Method for Only Specific Arguments

How to Install 'Cocoapods' Gem from Rubygems.Org (Bad Response Backend Read Error)

What Is the Best Wysiwyg for Rails - Ruby on Rails Blog

Share Models Between 2 Rails API's (Separate Applications)

How to Setup Urls for Static Site with Ruby Rack on Heroku

How to Add Confirm Message with Link_To Ruby on Rails

Generating a Short Uuid String Using Uuidtools in Rails

In Ruby, Should I Use ||= or If Defined? for Memoization


Leave a reply



Submit