I am having a bad time trying to get some form parameters (via a simple
form, latest version), stored in an integer array in a PostgreSQL table.
I
have abstracted the key parts below, but if anyone would like to poke
around, I have hosted the project on GitHub:
https://github.com/cjbutcher/avc_risk_manager_2. Any help much
appreciated,
I have wrestled with this problem for days!

I am building a risk management app. A new risk should accept an integer
from the ‘impact’ and ‘likelihood’ fields on the form view and insert
them
into arrays in the risk table. At the moment, all fields on the new/edit
risk form update correctly, except impact and likelihood (the arrays).
If I
enter values in these fields, no error is thrown, yet they are not
updated.

Here is the code for the form. I don’t think the problem lies here, but
here it is anyway:

app/views/shared/_risk_form.html.erb

<%= simple_form_for(@risk) do |f| %>
<%= render ‘shared/error_messages’, object: f.object %>

Here is the controller, note the strong params for impact and
likelihood:

app/controllers/risk_controller.rb

class RisksController < ApplicationController
before_action :signed_in_user
before_action :correct_user, only: [:destroy, :update]

def create
@risk = current_user.risks.build(risk_params)
if @risk.save
flash[:success] = “Risk created!”
redirect_to root_url
else
render ‘new’
end
end

def new
@risk = Risk.new
end

def destroy
@risk.destroy
redirect_to root_url
end

def edit
@risk = Risk.find(params[:id])
end

def update
@risk = Risk.find(params[:id])
@risk.assign_attributes(risk_params)
if @risk.changed? == false
flash[:info] = “No changes were made”
redirect_to root_url
elsif @risk.update_attributes(risk_params)
flash[:success] = “The risk has been updated.”
redirect_to root_url
else
render ‘new’
end
end

private

def risk_params
params.require(:risk).permit(:description, :title, :area, :owner,
:action,
:date_of_action, :action_completed, { :impact => [] }, { :likelihood =>
[]
})
end

def correct_user
if current_user.admin?
@risk = Risk.find_by(id: params[:id])
redirect_to root_url if @risk.nil?
else
@risk = current_user.risks.find_by(id: params[:id])
redirect_to root_url if @risk.nil?
end
end

end

Here is the model. I purposefully left validations off the impact and
likelihood fields for now so I don’t have to worry about that being the
problem:

app/models/risk.rb

class Risk < ActiveRecord::Base
belongs_to :user
validates :user_id, presence: true
validates :description, presence: true
validates :title, presence: true
validates :area, presence: true
validates :owner, presence: true
end

Finally, here is the db schema:

app/db/schema.rb

ActiveRecord::Schema.define(version: 20140622153923) do

These are extensions that must be enabled in order to support this

database
enable_extension “plpgsql”

create_table “risks”, force: true do |t|
t.integer “user_id”
t.string “description”
t.datetime “created_at”
t.datetime “updated_at”
t.string “title”
t.string “area”
t.string “owner”
t.string “action”
t.date “date_of_action”
t.boolean “action_completed”, default: false
t.integer “impact”, default: [], array: true
t.integer “likelihood”, default: [], array: true
end

add_index “risks”, [“user_id”, “created_at”], name:
“index_risks_on_user_id_and_created_at”, using: :btree

create_table “users”, force: true do |t|
t.string “name”
t.string “email”
t.boolean “admin”, default: false
t.datetime “created_at”
t.datetime “updated_at”
t.string “password_digest”
t.string “remember_token”
end

add_index “users”, [“email”], name: “index_users_on_email”, unique:
true,
using: :btree
add_index “users”, [“remember_token”], name:
“index_users_on_remember_token”, using: :btree

end

Any help much appreciated! If there is any extra information I can
provide
please let me know.

Thanks v much, Chris

On Monday, June 23, 2014 10:12:04 PM UTC+1, Chris Butcher wrote:

<%= f.input :impact, required: false, :error => false, input_html: { class: 'form-control' } %> <%= f.input :likelihood, required: false, :error => false, input_html: { class: 'form-control' } %>

I don’t know much about postgresql array columns and their interaction
with simple_form but you should check whether the above form will result
in
params[risk][:impact] (and likelihood) being a string or an array.

If the params are strings it wouldn’t surprise me if strong params
rejected
this since you told it to expect an array (is there anything from strong
params in your logfile?)

Fred

Yes I think you are right. My logfile is unavailable for some reason
(“postgres cannot access the server configuration file…”) but I
inspected
my terminal after attempting a risk insert and this output looks exactly
like what you are suggesting:

Started POST “/risks” for 127.0.0.1 at 2014-06-23 21:28:41 +0100

Processing by RisksController#create as HTML

Parameters: {“utf8”=>“✓”,
“authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”,
“risk”=>{“title”=>“afafafa”, “description”=>“aadada”, “area”=>“IT”,
“owner”=>“4”, “action”=>“fffaa”, “date_of_action(3i)”=>“23”,
“date_of_action(2i)”=>“6”, “date_of_action(1i)”=>“2014”,
“action_completed”=>“0”, “impact”=>“12”, “likelihood”=>“11”},
“commit”=>“Create Risk”}

User Load (0.3ms) SELECT “users”.* FROM “users” WHERE
“users”.“remember_token” = ‘1b3c0548b48b9f90cab54a695297436286ad0132’
LIMIT
1

Unpermitted parameters: impact, likelihood

(0.1ms) BEGIN

SQL (0.3ms) INSERT INTO “risks” (“action”, “area”, “created_at”,
“date_of_action”, “description”, “owner”, “title”, “updated_at”,
“user_id”)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING “id” [[“action”,
“fffaa”], [“area”, “IT”], [“created_at”, “2014-06-23 20:28:41.581267”],
[“date_of_action”, “2014-06-23”], [“description”, “aadada”], [“owner”,
“4”], [“title”, “afafafa”], [“updated_at”, “2014-06-23
20:28:41.581267”],
[“user_id”, 2]]

(67.1ms) COMMIT

Redirected to http://localhost:3000/

Completed 302 Found in 73ms (ActiveRecord: 67.8ms)

So yeah - “Unpermitted parameters: impact, likelihood”. Looks relevant.
I
have done some research into it, and it seems like one could serialise
their inputs in the model using:

serialize :impact, Array

serialize :likelihood, Array

and I could change the array type in the schema to string. However, I
would
really rather keep the array as integers as it’s going to make
operations
like averaging much easier without casting etc. Does anyone know of a
way I
can get these params accepted as integers? The problem might lie in
simple
form after all.

(Thanks for your help so far Frederick!)

On Wednesday, June 25, 2014 10:31:01 AM UTC+1, Chris Butcher wrote:
Completed 302 Found in 73ms (ActiveRecord: 67.8ms)

So yeah - “Unpermitted parameters: impact, likelihood”. Looks relevant. I
have done some research into it, and it seems like one could serialise
their inputs in the model using:

serialize :impact, Array

serialize :likelihood, Array

If the input name (as in the name attribute on the input element ends
in
[] then rails will treat the parameter as an array. I assume simple_form
has a way for you to override the input name generated, but I’ve not
used
it so I don’t know.

Fred

I’ve just started working on this again after some time off.

In response to Fred’s suggestion regarding input names, I looked into it
and found you can specify custom input names in simple form like this:

Note the ":name => " addition in the input_html attribute.

Now this has not fixed the problem at all with regards to app behaviour.
However the error message (“unpermitted parameters…”) in terminal has
disappeared when I attempt to submit a risk:

Started POST “/risks” for 127.0.0.1 at 2014-06-29 12:58:02 +0100

Processing by RisksController#create as HTML

Parameters: {“utf8”=>“✓”,
“authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”,
“risk”=>{“title”=>“aa”, “description”=>“aadad”, “area”=>“IT”,
“owner”=>“5”,
“action”=>“dadad”, “date_of_action(3i)”=>“29”,
“date_of_action(2i)”=>“6”,
“date_of_action(1i)”=>“2014”, “action_completed”=>“0”}, “impact”=>[“4”],
“likelihood”=>[“4”], “commit”=>“Create Risk”}

User Load (0.4ms) SELECT “users”.* FROM “users” WHERE
“users”.“remember_token” = ‘1b3c0548b48b9f90cab54a695297436286ad0132’
LIMIT
1

(0.2ms) BEGIN

SQL (0.3ms) INSERT INTO “risks” (“action”, “area”, “created_at”,
“date_of_action”, “description”, “owner”, “title”, “updated_at”,
“user_id”)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING “id” [[“action”,
“dadad”], [“area”, “IT”], [“created_at”, “2014-06-29 11:58:02.816205”],
[“date_of_action”, “2014-06-29”], [“description”, “aadad”], [“owner”,
“5”],
[“title”, “aa”], [“updated_at”, “2014-06-29 11:58:02.816205”],
[“user_id”,
2]]

(0.3ms) COMMIT

Redirected to http://localhost:3000/

Completed 302 Found in 9ms (ActiveRecord: 1.2ms)

You can still see that the impact and likelihood fields are still
omitted
during the commit. Maybe this is because they are being passed in as
strings (denoted by the quotes around the values you can see being
passed
in the terminal output above), even though the array is explicitly
integer?
I have tried forcing integers like this, but it has made no difference:

So I’m still stuck! If I change the input name like I have, would I have
to
adjust anything else in my application? This is my first rails project
so
forgive me if the answer to that is an obvious ‘of course’.

Thank you both for your help thus far.

've just started working on this again after some time off.

In response to Fred’s suggestion regarding input names, I looked into it
and found you can specify custom input names in simple form like this:

Note the ":name => " addition in the input_html attribute.

Now this has not fixed the problem at all with regards to app behaviour.
However the error message (“unpermitted parameters…”) in terminal has
disappeared when I attempt to submit a risk:

Started POST “/risks” for 127.0.0.1 at 2014-06-29 12:58:02 +0100

Processing by RisksController#create as HTML

Parameters: {“utf8”=>“✓”,
“authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”,
“risk”=>{“title”=>“aa”, “description”=>“aadad”, “area”=>“IT”,
“owner”=>“5”,
“action”=>“dadad”, “date_of_action(3i)”=>“29”,
“date_of_action(2i)”=>“6”,
“date_of_action(1i)”=>“2014”, “action_completed”=>“0”}, “impact”=>[“4”],
“likelihood”=>[“4”], “commit”=>“Create Risk”}

User Load (0.4ms) SELECT “users”.* FROM “users” WHERE
“users”.“remember_token” = ‘1b3c0548b48b9f90cab54a695297436286ad0132’
LIMIT
1

(0.2ms) BEGIN

SQL (0.3ms) INSERT INTO “risks” (“action”, “area”, “created_at”,
“date_of_action”, “description”, “owner”, “title”, “updated_at”,
“user_id”)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING “id” [[“action”,
“dadad”], [“area”, “IT”], [“created_at”, “2014-06-29 11:58:02.816205”],
[“date_of_action”, “2014-06-29”], [“description”, “aadad”], [“owner”,
“5”],
[“title”, “aa”], [“updated_at”, “2014-06-29 11:58:02.816205”],
[“user_id”,
2]]

(0.3ms) COMMIT

Redirected to http://localhost:3000/

Completed 302 Found in 9ms (ActiveRecord: 1.2ms)

You can still see that the impact and likelihood fields are still
omitted
during the commit. Maybe this is because they are being passed in as
strings (denoted by the quotes around the values you can see being
passed
in the terminal output above), even though the array is explicitly
integer?
I have tried forcing integers like this, but it has made no difference:

So I’m still stuck! If I change the input name like I have, would I have
to
adjust anything else in my application? This is my first rails project
so
forgive me if the answer to that is an obvious ‘of course’.

Thank you both for your help thus far.

On Wednesday, June 25, 2014 8:26:37 AM UTC-4, Frederick C. wrote:

input_html: { class: ‘form-control’ } %>
Fred

I’m working on this as I would like to have a more permanent solution
for
using the new fields in PostgreSQL. Fred is correct, I’m getting the
following message:

Unpermitted parameters: impact, likelihood

The bigger issue is that these fields are being presented in html as
number
fields, meaning the user can only see or enter one number. I’m not sure
exactly how you would want to present your arrays, how big they will be,
and how the user will enter values or update them. The only time I’ve
used
this functionality is for tags and I limit it to ten tags.

I got around many of the issues by creating a textarea field and
allowing
the user to enter tags separated by spaces. I then converted the
textarea
to an array in the controller before passing it to the model object.

I’m don’t think that’s a great architecture, and it violates the DRY
principle because I do that in both the create and update methods. I’ll
let you know if I come up with some better answers.

Also, FYI, activerecord, for some reason cannot detect changes made to
array columns. Therefore, you have to force the issue by calling
something
like the following:

@risk.impact_will_update!

before saving the record or updating attributes.

On Sunday, June 29, 2014 1:19:42 PM UTC+1, Chris Butcher wrote:

<span class="likelihood-input">

Started POST “/risks” for 127.0.0.1 at 2014-06-29 12:58:02 +0100
Processing by RisksController#create as HTML
Parameters: {“utf8”=>“✓”,
“authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”,
“risk”=>{“title”=>“aa”, “description”=>“aadad”, “area”=>“IT”, “owner”=>“5”,
“action”=>“dadad”, “date_of_action(3i)”=>“29”, “date_of_action(2i)”=>“6”,
“date_of_action(1i)”=>“2014”, “action_completed”=>“0”}, “impact”=>[“4”],
“likelihood”=>[“4”], “commit”=>“Create Risk”}

You can see here that impact isn’t inside the risk hash anymore - you
need to set the parameter name to risk[impact][] (and similarly for
likelihood).

It’s normal that the parameter values are strings - the values from a
form submit will always be strings. That shouldn’t be a problem.

Fred

r.

I’ve just started working on this again after some time off.

In response to Fred’s suggestion regarding input names, I looked into it
and found you can specify custom input names in simple form like this:

Note the ":name => " addition in the input_html attribute.

Now this has not fixed the problem at all with regards to app behaviour.
However the error message (“unpermitted parameters…”) in terminal has
disappeared when I attempt to submit a risk:

Started POST “/risks” for 127.0.0.1 at 2014-06-29 12:58:02 +0100

Processing by RisksController#create as HTML

Parameters: {“utf8”=>“✓”,
“authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”,
“risk”=>{“title”=>“aa”, “description”=>“aadad”, “area”=>“IT”,
“owner”=>“5”,
“action”=>“dadad”, “date_of_action(3i)”=>“29”,
“date_of_action(2i)”=>“6”,
“date_of_action(1i)”=>“2014”, “action_completed”=>“0”}, “impact”=>[“4”],
“likelihood”=>[“4”], “commit”=>“Create Risk”}

User Load (0.4ms) SELECT “users”.* FROM “users” WHERE
“users”.“remember_token” = ‘1b3c0548b48b9f90cab54a695297436286ad0132’
LIMIT
1

(0.2ms) BEGIN

SQL (0.3ms) INSERT INTO “risks” (“action”, “area”, “created_at”,
“date_of_action”, “description”, “owner”, “title”, “updated_at”,
“user_id”)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING “id” [[“action”,
“dadad”], [“area”, “IT”], [“created_at”, “2014-06-29 11:58:02.816205”],
[“date_of_action”, “2014-06-29”], [“description”, “aadad”], [“owner”,
“5”],
[“title”, “aa”], [“updated_at”, “2014-06-29 11:58:02.816205”],
[“user_id”,
2]]

(0.3ms) COMMIT

Redirected to http://localhost:3000/

Completed 302 Found in 9ms (ActiveRecord: 1.2ms)

You can still see that the impact and likelihood fields are still
omitted
during the commit. Maybe this is because they are being passed in as
strings (denoted by the quotes around the values you can see being
passed
in the terminal output above), even though the array is explicitly
integer?
I have tried forcing integers like this, but it has made no difference:

So I’m still stuck! If I change the input name like I have, would I have
to
adjust anything else in my application? This is my first rails project
so
forgive me if the answer to that is an obvious ‘of course’.

Thank you both for your help thus far.

Although, any help regarding validations would be much appreciated. I
need
the user’s entered value for the impact and likelihood fields to be an
integer between 0 and 100. What I would usually expect would work,
something like:

validates_inclusion_of :impact, :in => 0…100

doesn’t. Validation always fails, presumably because the input is
generated
as an array with an integer inside, rather than a traditional integer.
Anyone know how I could bypass this issue?

Fred, you did it! Thank you, had been stuck on this for days.

On Tuesday, July 1, 2014 6:43:18 PM UTC+1, Chris Butcher wrote:

Although, any help regarding validations would be much appreciated. I need the
user’s entered value for the impact and likelihood fields to be an integer between
0 and 100. What I would usually expect would work, something like:

validates_inclusion_of :impact, :in => 0…100
doesn’t. Validation always fails, presumably because the input is generated as
an array with an integer inside, rather than a traditional integer. Anyone know
how I could bypass this issue?

I think you’ll have to write a custom validation for this

validates :foo
def foo

do whatever checks you want and call

errors.add if the record isn’t valid

end

I can never remember whether it is validate or validates.

Fred

On Tue, Jul 1, 2014 at 10:43 AM, Chris Butcher
[email protected] wrote:

the user’s entered value for the impact and likelihood fields to be an
integer between 0 and 100. What I would usually expect would work, something
like:

validates_inclusion_of :impact, :in => 0…100

doesn’t. Validation always fails, presumably because the input is generated
as an array with an integer inside, rather than a traditional integer.
Anyone know how I could bypass this issue?

I really don’t understand your use case of storing a single integer
as a single-element array, but perhaps just use e.g.

… :in => acceptable_range

def acceptable_range
(1…100).each.map{ |n| [n] }
end

FWIW,

Hassan S. ------------------------ [email protected]

twitter: @hassan