Unpermitted params security warning

Hello I’m quite new to the rails 4 and I’ve not dealt with this kind of
nested security warnings, I basically have a model (receipt), with has
many
items relation. When I save a receipt, I want to have an options to save
many items as well from the same form, I ll skip the ui part and get
back
to the back end, this is how my params look like, when I print params in
the create action :

{utf8=>,

authenticity_token=>*"*0LPWkN5uG+yHrVt99f4bBN+al0FCARNhtV91NysV0TM=
",

receipt=>

{store_id=>2,

purchase_date=>05/05/2015,

items_attributes=>

{*"*1432495749993*"*=>{*"*item*"*=>{*"*name*"*=>*"*ssd*"*, 

amount
=>22, unit_id=>2, quantity=>1,
person_id
=>2, project_id=>""}},

 *"*1432495820856*"*=>{*"*item*"*=>{*"*name*"*=>*"*ds*"*, 

amount=>
22, unit_id=>3, quantity=>1,
person_id=>
2, project_id=>""}}}},

action=>create,

controller=>receipts}

I’ve tried following and more but none of it didn’t work :

params.require(:receipt).permit(:store_id, :purchase_date,
:items_attributes)

params.require(:receipt).permit(:store_id, :purchase_date,
items_attributes:
{1432495749993 => {item => [:name]}})

params.require(:receipt).permit(:store_id, :purchase_date,
items_attributes:
{1432495749993 => {item => [:name]}}).permit!

params.require(:receipt).permit(:store_id, :purchase_date,
items_attributes: {‘1432495749993’ => {‘item’ => [:id, :name, :amount,
:unit_id, :quantity, :person_id, :project_id]}})

And my nested params don’t show, this is the best result I got :

{store_id=>2, purchase_date=>05/05/2015, "
items_attributes*"=>{1432495749993”*=>{}=>{}}}

I’m getting to the point when I don’t know what to need to ask somebody
for
help, what am I doing wrong here?

Nobody knows about this seriously?

try this:

params.require(:receipt).permit(:store_id, :purchase_date,
items_attributes: [:name, :amount, :unit_id, :quantity, :person_id,
:project_id])

Matt

Hi Matt,

Thanks for your response. This is the original params without
authenticity
token and controller :

receipt=>

{store_id=>3,

purchase_date=>05/05/2015,

items_attributes=>{1432688411008=>{item=>{name=>
Test, amount=>2.2, unit_id=>2,
quantity
=>1, person_id=>"", project_id=>2}}}}

This is what I get with what you suggested :

params.require(:receipt).permit(:store_id, :purchase_date,
items_attributes:
[:name, :amount, :unit_id, :quantity, :person_id, :project_id])

Unpermitted parameters: item

=> {store_id=>3, purchase_date=>05/05/2015, "
items_attributes*"=>{1432688411008”*=>{}}}

Still doesn’t allow me to select items attributes.

you need to read
documentation:
http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters

Hi George,

Have added following lines to receipt model?

accepts_nested_attributes_for :items,:allow_destroy => true

Thanks
Abhishek

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs