Strong parameters require multiple
I had a similar need and what I did was
def point_code_params
params.require(:point_code).require(:guid) # for check require params
params.require(:point_code).permit(:guid) # for using where hash needed
end
Example:
def create
@point_code = PointCode.new(point_code_params)
end
Is it possible to require multiple strong params in Rails?
Strong Parameters are used for mass assignment. What does mass assignment means is that when you submit a form multiple values are submitted i.e., multiple attributes of a model so you add them in the params.require(:post).permit
. You are seeing the word permit
which means this attributes are permitted to be mass assigned. Now suppose you are writing this in controller:
def post_params
params.require(:post).permit(:title, :text, :slug)
end
and in your params suppose you have:
{"post"=>{"title"=>'Test',"text"=>"Text test","slug"=>"any random name","type"=>"article"}}
Now if you do:
@post = Post.new(post_params)
@post.save
It will give you unpermitted parameters :type
because you have not whitelisted the type
parameter. This is given for security reasons so that you only allow attributes that needs to be updated by user from the view are permitted. And the strong parameters are introduced from rails 4 onwards.
Now the thing you need to require these parameters that the user fills them so this needs to be done in the model like this:
class Post < ActiveRecord::Base
validates_presence_of :title, :text, :slug
end
This is a validation which will make the users enter the title, text and slug
necessarily. There are more type of validations and some custom validations too which can be written according to the needs.
More Info:
Strong Parameters
Validations
Hope this helps
Multiple require & permit strong parameters rails 4
Ok found the answer through a friend ...one way to do this is
params.require(:email_address)
params.require(:password)
params.permit(
:email_address,
:password,
:remember_me
)
Works good.
Rails 4 Require and Permit Multiple
To the best of my knowledge, I think the way to go is, that you only permit parameters in your controller, and then you perform attribute-validation in your model instead of directly in the controller on the parameters.
Strong parameters are only there to secure, that some ill-intended person does not hack your user-form and insert something like "role=admin".
As far as I know, the strong parameters functionality is not designed with the intend of actually requiring certain parameters to be present other than the single key containing the hash of attributes (like the model-key called user or likewise).
You can do validation in your model like this:
class User < ActiveRecord::Base
validates :email, :first_name, :last_name, presence: true
end
If you use something like simple_form, then the errors will even automatically be shown.
There is a guy here, that suggest multiple requires before the actual permitting. My personal opinion is that it is very ugly.
Strong parameters require multiple
def user_params
params.require(:user).require(:first_name)
params.require(:user).require(:last_name)
params.require(:user).permit(:first_name, :last_name)
end
Rails strong params for creating multiple objects from one form
I think that I need a bit more info here. When I create more than 1 record at a time its usually a chield of another object and mine looks like this
# Never trust parameters from the scary internet, only allow the white list through.
def family_params
params.require(:family).permit(:name, users_attributes: [ :name, :email ])
end
I hope that this helps.
Happy Hacking :)
Nested params with Strong Parameters
you have to white list all the possible values for owners
params.require(:area).permit(:name, :project_id, owners: [step2: [], color: [], step2: [], step3: []])
ok have you tried this for dynamic content with rails 5 ?
params.require(:area).permit(:name, :project_id, :owners => {})
Understand the require of strong parameters - Rails
The params
is a hash object of parameters you have sent with request(text message) to webserver using probably HTML form and web browser. This request message is parsed to a ruby Hash by rack(Rails is an http://rack.github.io/ app).
The rails app takes this http://www.rubydoc.info/gems/rack/Rack/Request req.params
and routes it to handle by proper controller based on request path. Routing is specified in config/routes.rb
file.
Your params
are params that you send to rails web app, parsed and turned into code structure named http://apidock.com/rails/ActionController/Parameters
You can easily inspect it by putting some binding.pry
https://github.com/pry/pry in the controller and inspecting class of this structure. Then you simply hit apidock for answers( There are also dynamic ways of displaying source code from console).
But to answer your question...
Strong parameters are a kind of schema(data structure) specification/validation.
So params.require(:filters).permit(:tags)
basically means that it expects a Hash that will look like this: {filters: {tags: []}
. If you don't give something that's required then an error is raised. If you give something that's isn't permitted it's ignored.
Strong params are there to allow easy mass assignment but with filtering/whitelisting. Otherwise someone could for example put hash: {user: {is_admin: true, id: 123}}
. Instead you can just allow for modification of name and address only for example. More info: http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters
Other viable ruby library to do such validations is http://dry-rb.org/gems/dry-validation/
BTW you can see how it works here:
http://apidock.com/rails/ActionController/Parameters/require
def require(key)
value = self[key]
if value.present? || value == false
value
else
raise ParameterMissing.new(key)
end
end
http://apidock.com/rails/ActionController/Parameters/permit
def permit(*filters)
params = self.class.new
filters.flatten.each do |filter|
case filter
when Symbol, String
permitted_scalar_filter(params, filter)
when Hash then
hash_filter(params, filter)
end
end
unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters
params.permit!
end
and as you can see in this case it's permitted_scalar_filter
:
http://apidock.com/rails/ActionController/Parameters/permitted_scalar_filter
def permitted_scalar_filter(params, key)
if has_key?(key) && permitted_scalar?(self[key])
params[key] = self[key]
end
keys.grep(/\A#{Regexp.escape(key)}\(\d+[if]?\)\z/) do |k|
if permitted_scalar?(self[k])
params[k] = self[k]
end
end
end
I hope that armed with this knowledge you can solve your issue ;)
Related Topics
How to View a Sample of the Call Stack in Ruby
Ruby on Rails: How to Check If a File Is an Image
Rails Implementation of Search with Autocomplete
How to Find a Model's Relationships
Sinatra - Response.Set_Cookie Doesn't Work
How to Split String into Only Two Parts with a Given Character in Ruby
Ruby: How to Generate CSV Files That Has Excel-Friendly Encoding
Rspec and Shoulda - Complementary or Alternatives
Rspec Stubbing Method for Only Specific Arguments
How to Install 'Cocoapods' Gem from Rubygems.Org (Bad Response Backend Read Error)
What Is the Best Wysiwyg for Rails - Ruby on Rails Blog
Share Models Between 2 Rails API's (Separate Applications)
How to Setup Urls for Static Site with Ruby Rack on Heroku
How to Add Confirm Message with Link_To Ruby on Rails