Forum: Ruby on Rails Filter params with strong parameters

6276db3f126cef8682f9374f75734acc?d=identicon&s=25 Linus Pettersson (Guest)
on 2013-03-08 10:29
(Received via mailing list)
Hi

I have an hstore field in my database where I store a lot of different
fields.

I still want getters, setters and validations for my fields so I've
created
an array with the fields like this:

DOCUMENT_FIELDS = %w[foo bar baz]

Then I do some meta programming to create getters and setters:

  DOCUMENT_FIELDS.each do |field|
    define_method(field) do
      # ....
    end

    define_method("#{field}=") do |value|
      # ...
    end
  end

Now I would like to pass all fields to strong parameters to properly
filter
it. I tried like this:
params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))

But this doesn't work. It removes all values anyway. I guess it is
because
`Foo::DOCUMENT_FIELDS.map(&:to_sym)` creates an array that is passed to
strong parameters (and it seems to not work with arrays).

How can I get around this?

Cheers,
Linus
52f3528c40e9cf28ad0900886eecb128?d=identicon&s=25 Jordon Bedwell (Guest)
on 2013-03-08 10:36
(Received via mailing list)
On Fri, Mar 8, 2013 at 3:27 AM, Linus Pettersson
<linus.pettersson@gmail.com> wrote:
> Then I do some meta programming to create getters and setters:
>
> Now I would like to pass all fields to strong parameters to properly filter
> it. I tried like this:
> params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))
>
> But this doesn't work. It removes all values anyway. I guess it is because
> `Foo::DOCUMENT_FIELDS.map(&:to_sym)` creates an array that is passed to
> strong parameters (and it seems to not work with arrays).
>
> How can I get around this?

`params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))`
Though if I'm honest I probably would expect you to not take the long
trip with map and to_sym, might as well just leave them as string keys
because params has indifferent access with default keys being all
string keys for security.
52f3528c40e9cf28ad0900886eecb128?d=identicon&s=25 Jordon Bedwell (Guest)
on 2013-03-08 10:37
(Received via mailing list)
On Fri, Mar 8, 2013 at 3:35 AM, Jordon Bedwell <envygeeks@gmail.com>
wrote:
> `params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))`
> Though if I'm honest I probably would expect you to not take the long
> trip with map and to_sym, might as well just leave them as string keys
> because params has indifferent access with default keys being all
> string keys for security.

I forgot to say what *[] does.  It will expand the array into args.
6276db3f126cef8682f9374f75734acc?d=identicon&s=25 Linus Pettersson (Guest)
on 2013-03-08 10:38
(Received via mailing list)
Got it myself! Splat operator to the rescue :)

params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))




Den fredagen den 8:e mars 2013 kl. 10:27:50 UTC+1 skrev Linus
Pettersson:
6276db3f126cef8682f9374f75734acc?d=identicon&s=25 Linus Pettersson (Guest)
on 2013-03-08 10:42
(Received via mailing list)
Thank you. I thought strong params needed symbols.

Cheers,
Linus


Den fredagen den 8:e mars 2013 kl. 10:35:13 UTC+1 skrev Jordon Bedwell:
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.