strong-parameters | 易学教程

How should I use rails and simple_form for nested resources?

阅读更多关于 How should I use rails and simple_form for nested resources?

I'm trying to create one resource with another nested resource at the same time. I'm using Rails4 and simple_form 3.0.0rc. Here is my code. Models: class User < ActiveRecord::Base has_one :profile accepts_nested_attributes_for :profile end class Profile < ActiveRecord::Base belongs_to :user end Controller: class UsersController < ApplicationController def new @user = User.new @user.build_profile end def create user = User.new user_params user.save redirect_to root_url # @par =params end private def user_params params.require(:user).permit(:email, profile_attributes: [:name]) end end View (form

Devise and Strong Parameters

阅读更多关于 Devise and Strong Parameters

I would like to know how to integrate both of this gems(devise + Strong Parameters), since strong params will likely be added to the rails core in 4.0 any help is welcome thanks ronalchn Update for devise 4.x class ApplicationController < ActionController::Base before_filter :configure_permitted_parameters, if: :devise_controller? protected def configure_permitted_parameters devise_parameter_sanitizer.permit(:sign_up, keys: [:username]) devise_parameter_sanitizer.permit(:sign_in, keys: [:username]) devise_parameter_sanitizer.permit(:account_update, keys: [:username]) end end After adding both

Rails4: How to permit a hash with dynamic keys in params?

阅读更多关于 Rails4: How to permit a hash with dynamic keys in params?

I make a http put request with following parameters: {"post"=>{"files"=>{"file1"=>"file_content_1", "file2"=>"file_content_2"}}, "id"=>"4"} and i need to permit hash array in my code. based on manuals I've tried like these: > params.require(:post).permit(:files) # does not work > params.require(:post).permit(:files => {}) # does not work, empty hash as result > params.require(:post).permit! # works, but all params are enabled How to make it correctly? UPD1 : file1, file2 - are dynamic keys by design strong params doesn't allow hashes with dynamic keys as values, so.. in this case you need to

Paperclip in Rails 4 - Strong Parameters Forbidden Attributes Error

阅读更多关于 Paperclip in Rails 4 - Strong Parameters Forbidden Attributes Error

问题 Having a problem with a Paperclip upload in Rails 4 - failing on ForbiddenAttributesError (strong parameters validation). Have the latest paperclip gem and latest rails 4 gems. I have a model "Image" with an attached file "upload" in the model: has_attached_file :upload, :styles => { :review => ["1000x1200>", :png], :thumb => ["100x100>", :png]}, :default_url => "/images/:style/missing.png" The image model was created with a scaffold, and I added paperclip migrations. The form partial was

Add Multiple Nested Attributes through checkboxes Rails 4 (maybe with multiple forms)

阅读更多关于 Add Multiple Nested Attributes through checkboxes Rails 4 (maybe with multiple forms)

问题 3/13 UPDATE: I've made a small sample project with my models, controller logic and several form versions. I am building a form where a user can add "Tasks" and "Milestones" together. (ie. Task = 'Vacuum' is inside Milestone = 'clean House'). It's basically a Task/Subtask type model with the parent being 'Milestone' and the child being 'Task'. Both Tasks and Milestones belong to "Project"....so I am trying to add the Tasks and Milestones through a nested form with an update action. I am

rails 4 strong params + dynamic hstore keys

阅读更多关于 rails 4 strong params + dynamic hstore keys

问题 I'm having a problem overcoming the new strong params requirement in Rails 4 using Hstore and dynamic accessors I have an Hstore column called :content which I want to use to store content in multiple languages, ie :en, :fr , etc. And I don't know which language upfront to set them in either the model or the controller. store_accessor :content, [:en, :fr] #+226 random other il8n languages won't work. How can I override strong params (or allow for dynamic hstore keys) in rails 4 for one column

Strong Parameters in Rails 3.2.8

阅读更多关于 Strong Parameters in Rails 3.2.8

问题 This video states that it is possible to protect the input coming in via the controller yet still be able to do mass assignment via models and specs. However, I have not seen this documented as a feature when using strong_parameters in 3.2.8. I understand that I need to mix in ActiveModel::ForbiddenAttributesProtection into my models and set config.active_record.whitelist_attributes = false in config/application.rb . I have also pulled all of my attr_accessible calls from the model. With or

strong parameters permit all attributes for nested attributes

阅读更多关于 strong parameters permit all attributes for nested attributes

Is there a way in strong parameters to permit all attributes of a nested_attributes model ? Here is a sample code. class Lever < ActiveRecord::Base has_one :lever_benefit accepts_nested_attributes_for :lever_benefit end class LeverBenefit < ActiveRecord::Base # == Schema Information # id :integer not null, primary key # lever_id :integer # explanation :text end For lever strong parameters i am writing currently this def lever params.require(:lever).permit(:name,:lever_benefit_attributes => [:lever_id, :explanation]) end Is there a way for nested attributes i can write to permit all attributes

How to get ActiveAdmin to work with Strong Parameters?

阅读更多关于 How to get ActiveAdmin to work with Strong Parameters?

问题 Update: this question was asked before there was a solution for it already in ActiveAdmin. As Joseph states, the ActiveAdmin documentation now contains this information, but the answers here are provided for those working with older versions of ActiveAdmin. When the strong_parameters 0.1.4 is used with ActiveAdmin 0.5.0 in Rails 3.2.8, if the model you are using is using StrongParameters by including: include ::ActiveModel::ForbiddenAttributesProtection then you get the following error in the

Rails 4: Insert Attribute Into Params

阅读更多关于 Rails 4: Insert Attribute Into Params

问题 In Rails 3, it was possible to insert an attribute into params like so: params[:post][:user_id] = current_user.id I'm attempting to do something similar in Rails 4, but having no luck: post_params[:user_id] = current_user.id . . . . private def post_params params.require(:post).permit(:user_id) end Rails is ignoring this insertion. It doesn't throw any errors, it just quietly fails. 回答1: Found the answer here. Rather than inserting the attribute from within the controller action, you can