Forum: Ruby on Rails Filter params with strong parameters

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
6276db3f126cef8682f9374f75734acc?d=identicon&s=25 Linus Pettersson (Guest)
on 2013-03-08 10:29
(Received via mailing list)
Hi

I have an hstore field in my database where I store a lot of different
fields.

I still want getters, setters and validations for my fields so I've
created
an array with the fields like this:

DOCUMENT_FIELDS = %w[foo bar baz]

Then I do some meta programming to create getters and setters:

  DOCUMENT_FIELDS.each do |field|
    define_method(field) do
      # ....
    end

    define_method("#{field}=") do |value|
      # ...
    end
  end

Now I would like to pass all fields to strong parameters to properly
filter
it. I tried like this:
params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))

But this doesn't work. It removes all values anyway. I guess it is
because
`Foo::DOCUMENT_FIELDS.map(&:to_sym)` creates an array that is passed to
strong parameters (and it seems to not work with arrays).

How can I get around this?

Cheers,
Linus
52f3528c40e9cf28ad0900886eecb128?d=identicon&s=25 Jordon Bedwell (Guest)
on 2013-03-08 10:36
(Received via mailing list)
On Fri, Mar 8, 2013 at 3:27 AM, Linus Pettersson
<linus.pettersson@gmail.com> wrote:
> Then I do some meta programming to create getters and setters:
>
> Now I would like to pass all fields to strong parameters to properly filter
> it. I tried like this:
> params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))
>
> But this doesn't work. It removes all values anyway. I guess it is because
> `Foo::DOCUMENT_FIELDS.map(&:to_sym)` creates an array that is passed to
> strong parameters (and it seems to not work with arrays).
>
> How can I get around this?

`params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))`
Though if I'm honest I probably would expect you to not take the long
trip with map and to_sym, might as well just leave them as string keys
because params has indifferent access with default keys being all
string keys for security.
52f3528c40e9cf28ad0900886eecb128?d=identicon&s=25 Jordon Bedwell (Guest)
on 2013-03-08 10:37
(Received via mailing list)
On Fri, Mar 8, 2013 at 3:35 AM, Jordon Bedwell <envygeeks@gmail.com>
wrote:
> `params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))`
> Though if I'm honest I probably would expect you to not take the long
> trip with map and to_sym, might as well just leave them as string keys
> because params has indifferent access with default keys being all
> string keys for security.

I forgot to say what *[] does.  It will expand the array into args.
6276db3f126cef8682f9374f75734acc?d=identicon&s=25 Linus Pettersson (Guest)
on 2013-03-08 10:38
(Received via mailing list)
Got it myself! Splat operator to the rescue :)

params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))




Den fredagen den 8:e mars 2013 kl. 10:27:50 UTC+1 skrev Linus
Pettersson:
6276db3f126cef8682f9374f75734acc?d=identicon&s=25 Linus Pettersson (Guest)
on 2013-03-08 10:42
(Received via mailing list)
Thank you. I thought strong params needed symbols.

Cheers,
Linus


Den fredagen den 8:e mars 2013 kl. 10:35:13 UTC+1 skrev Jordon Bedwell:
This topic is locked and can not be replied to.