Filter params with strong parameters

Hi

I have an hstore field in my database where I store a lot of different
fields.

I still want getters, setters and validations for my fields so I’ve
created
an array with the fields like this:

DOCUMENT_FIELDS = %w[foo bar baz]

Then I do some meta programming to create getters and setters:

DOCUMENT_FIELDS.each do |field|
define_method(field) do
# …
end

define_method("#{field}=") do |value|
  # ...
end

end

Now I would like to pass all fields to strong parameters to properly
filter
it. I tried like this:
params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))

But this doesn’t work. It removes all values anyway. I guess it is
because
Foo::DOCUMENT_FIELDS.map(&:to_sym) creates an array that is passed to
strong parameters (and it seems to not work with arrays).

How can I get around this?

Cheers,
Linus

On Fri, Mar 8, 2013 at 3:27 AM, Linus P.
[email protected] wrote:

Then I do some meta programming to create getters and setters:

Now I would like to pass all fields to strong parameters to properly filter
it. I tried like this:
params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))

But this doesn’t work. It removes all values anyway. I guess it is because
Foo::DOCUMENT_FIELDS.map(&:to_sym) creates an array that is passed to
strong parameters (and it seems to not work with arrays).

How can I get around this?

params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))
Though if I’m honest I probably would expect you to not take the long
trip with map and to_sym, might as well just leave them as string keys
because params has indifferent access with default keys being all
string keys for security.

Got it myself! Splat operator to the rescue :slight_smile:

params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))

Den fredagen den 8:e mars 2013 kl. 10:27:50 UTC+1 skrev Linus
Pettersson:

On Fri, Mar 8, 2013 at 3:35 AM, Jordon B. [email protected]
wrote:

params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))
Though if I’m honest I probably would expect you to not take the long
trip with map and to_sym, might as well just leave them as string keys
because params has indifferent access with default keys being all
string keys for security.

I forgot to say what *[] does. It will expand the array into args.

Thank you. I thought strong params needed symbols.

Cheers,
Linus

Den fredagen den 8:e mars 2013 kl. 10:35:13 UTC+1 skrev Jordon B.: