发表新帖
发表新帖

Rails hashes with unknown keys and strong parameters

前端 未结
关注
4 1477
旧巷少年郎
旧巷少年郎 2021-01-12 20:09

I have a rails application that stores a serialized hash in a field called properties.

The hashes keys are unknown though, so I don\'t know of a way to

相关标签:
4条回答
  • 心在旅途
    2021-01-12 20:22

    You can use a hash instead of a symbol and define what sub-properties are allowed. This can be seen in the source here:

    case filter
when Symbol, String
  permitted_scalar_filter(params, filter)
when Hash
  hash_filter(params, filter)
end

    https://github.com/rails/rails/blob/bdc73a438a97f2e0aceeb745f4a95f95514c4aa6/actionpack/lib/action_controller/metal/strong_parameters.rb#L522

    e.g.

    def user_params
  params.require(:person).permit(:name, :description, :age, properties: [:key, :value])
end

    If you have no idea what is going to be in properties you could use .slice. Note this will accept anything nested in any of the other fields too.

    e.g.

    def user_params
  params.require(:person).slice(:name, :description, :age, :properties) 
end

    These approaches will work on the following params:

    {
  "person": {
    "name": "John",
    "description": "has custom_attributes",
    "age": 42,
    "properties": [
      {
        "key": "the key",
        "value": "the value"
      }
    ]
  }
}

    I've confirmed these will work on Rails 4.2.6

    0 讨论(0)
  • 走了就别回头了
    2021-01-12 20:31

    None of these answers worked for me (using Rails 4.2.4), so I figured out the following workaround:

    def product_params properties_keys = params[:product][:properties].keys params.require(:product).permit(:title, :description, properties: properties_keys) end

    Hope that helps someone.

    0 讨论(0)
  • 旧巷少年郎
    2021-01-12 20:42

    Your need is completely opposite of objective of strong parameter, when we define strong parameter then basically we are going to whitelist the coming params.

    and here in your case we exactly don't know the keys, so there is no need to put strong parameter check over there. that will solve your problem.

    0 讨论(0)
  • 野性不改
    2021-01-12 20:42

    I recently had this same issue and I solved it using @fxn's method from https://github.com/rails/rails/issues/9454

    For product with properties as hash, solved it as

    def product_params
  params.require(:product).permit(:title, :description).tap do |whitelisted|
    whitelisted[:properties] = params[:product][:properties]
  end
end

    If you use :raise instead of :log for config.action_controller.action_on_unpermitted_parameters in your environment then remember to remove properties from params before calling permit. Then the method will be

    def product_params
  properties = params[:product].delete(:properties)
  params.require(:product).permit(:title, :description).tap do |whitelisted|
    whitelisted[:properties] = properties
  end
end
    0 讨论(0)
 看不清?
提交回复
热议问题