How to use Rails 4 strong parameters with has_many :through association?

Question

I\'m having trouble getting a has_many :through association working with Rails 4\'s strong parameters. I have a model called Checkout and I need to select a per

Answer 1

Ok, so I actually did not need to nest the parameters. This is what ended up working for me:

# Never trust parameters from the scary internet, only allow the white list through.
def checkout_params
  params.require(:checkout).permit(:job, :shift, :employee_ids, :date, :hours, :sales, :tips, :owed, :collected, :notes)
end

Here is the combination of changes that worked.

• db/schema.rb - https://gist.github.com/leemcalilly/32c792277de335aa54b8
• controllers/checkouts_controller.rb - https://gist.github.com/leemcalilly/6e01ff8b86b1bdd078ed
• controllers/employees_controller.rb - https://gist.github.com/leemcalilly/ad8d9f696b3121fd20e8
• models/checkout.rb - https://gist.github.com/leemcalilly/6ffb28d54c6ea896bac5
• models/employee.rb - https://gist.github.com/leemcalilly/85f53606494743e3d3b1
• models/employment.rb - https://gist.github.com/leemcalilly/b9f9c8b750a23c8f3611
• views/checkouts/_form.html.erb - https://gist.github.com/leemcalilly/d148d00345ad656fcd75
• views/checkouts/index.html.erb - https://gist.github.com/leemcalilly/95f19b23ed121e40f73d
• views/checkouts/show.html.erb - https://gist.github.com/leemcalilly/64ef85f66aa5d887489d

Still not quite understanding why this worked though.

Answer 2

I can post the permit statement I use in one of my controllers. This has a many to many association as well. You nest the permit array. Use the lookup association in your permit statement. The only difference should be that yours won't be nested a third time.

In my case, the association Quote has_many :quote_items.

QuoteItems has_many :quote_options, :through => quote_item_quote_options.

In quotes_controller.rb

params.require(:quote).permit(:quote_date, :good_through, :quote_number, quote_items_attributes: [:id,:quote_id, :item_name, :material_id, quote_item_quote_options_attributes:[:quote_option_id,:quote_item_id,:qty,:_destroy,:id]])

Answer 3

Keep in mind that the name you give to your strong parameters (employees, employee_ids, etc.) is largely irrelevant because it depends on the name you choose to submit. Strong parameters work no "magic" based upon naming conventions.

The reason https://gist.github.com/leemcalilly/a71981da605187d46d96 is throwing an "Unpermitted parameter" error on 'employee_ids' is because it is expecting an array of scalar values, per https://github.com/rails/strong_parameters#nested-parameters, not just a scalar value.

# If instead of:
... "employee_ids" => "1" ...
# You had:
... "employee_ids" => ["1"]

Then your strong parameters would work, specifically:

... { :employee_ids => [] } ...

Because it is receiving an array of scalar values instead of just a scalar value.