strong-parameters

Should we use strong params when we update only one attribute?

你。 提交于 2019-12-10 14:16:49
问题 I'm working on a Rails app and I have several actions( #delete_later, #ban_later and so on) where I only set one attribute from the request parameter( specifically, a reason field for doing that action). I was wondering if it is ok to do it like this: def ban_later @object.reason = params[:object][:reason] @object.save end Or is it a best practice to use strong params even in this situation? def ban_later @object.reason = object_params[:reason] @object.save end private def object_params

has_one nested attributes not saving

自闭症网瘾萝莉.ら 提交于 2019-12-09 18:59:01
问题 I have two models Project and ProjectPipeline. I want to create a Project form that also has fields from the ProjectPipeline model. I have created the form successfully but when I hit save the values aren't stored on the database. project.rb class Project < ActiveRecord::Base has_one :project_pipeline accepts_nested_attributes_for :project_pipeline self.primary_key = :project_id end projectpipeline.rb class ProjectPipeline < ActiveRecord::Base belongs_to :project, autosave: :true validates

Trying to get a POST to return 400 bad request

一个人想着一个人 提交于 2019-12-09 14:21:50
问题 I have a create method that builds a new model through an association and I was expecting it to return a 400 response with some text if no params were in the POST request. However, I get an error. This is in Rails 4.0.2 controller methods: def create @cast_profile = current_user.build_cast_profile(cast_profile_params) if @cast_profile.save redirect_to cast_profile_path else render :edit end end def cast_profile_params params.require(:cast_profile).permit(:name, :email, :public) end If I pass

Dynamic hash field in Mongoid using strong parameters

╄→尐↘猪︶ㄣ 提交于 2019-12-09 11:51:41
问题 So there doesn't appear to be any clean way to generically allow Hash field with strong parameters. This may of course be a strong parameters issue but I'm curious if there is a workaround. I have a model with some fields... field :name, type: String field :email, type: String field :other_stuff, type: Hash, default: {} Now I could just permit everything: params.require(:registration).permit! But that isn't really a great idea and what I'd like to do is something like... params.require(

CanCan load_and_authorize_resource triggers Forbidden Attributes

北战南征 提交于 2019-12-09 08:28:15
问题 I have a standard RESTful controller that uses strong parameters. class UsersController < ApplicationController respond_to :html, :js def index @users = User.all end def show @user = User.find(params[:id]) end def new @user = User.new end def edit @user = User.find(params[:id]) end def create @user = User.new(safe_params) if @user.save redirect_to @user, notice: t('users.controller.create.success') else render :new end end def update @user = User.find(params[:id]) if @user.update_attributes

Strong Parameters: How to permit parameters using conditions

浪尽此生 提交于 2019-12-09 05:50:58
问题 I wan't to permit certain parameters depending on the current user's role. E.g: only permit the role attribute if the user is an administrator. Is this possible? 回答1: Yes, it's possible. You can do something like this : def user_params # List of common params list_params_allowed = [:email, :title, :last_name, :first_name, :phone] # Add the params only for admin list_params_allowed << :role if current_user.admin? params.require(:user).permit(list_params_allowed) end This way, if later you have

Rails 4 + Devise 3.0.0 Adding Username

你。 提交于 2019-12-08 19:31:58
问题 I'm working with Rails 4 and Devise 3.0.0 and am new to using these new strong paramters. I added a username to the User model using the documentation on the Devise wiki. The problem I'm running into is the strong parameters change in Rails 4. How do I add the :login attribute to the user model to enable logging in with either the username or email? 回答1: From the rails4 readme on devise: https://github.com/plataformatec/devise/tree/rails4#strong-parameters class ApplicationController <

Trouble with uploading file after upgrating rails from 3.2 to 4

亡梦爱人 提交于 2019-12-08 18:17:30
Uploading files in my gallery worked fine with Rails 3, but after upgrate I get exeption wrong argument type ActionDispatch::Http::UploadedFile (expected String) in this line @reel.update_attributes(reels_params) . I don't use any gem for handle file uploading, because I need specific processing and store my files in db. After upgraded to rails 4, I added only 1 method to working with strong params in controller reels_params . Controller: class Admin::ReelsController < AdminController before_action :set_reel, only: [:show, :edit, :update, :destroy] def update respond_to do |format| if @reel

change the name of nested keys received as parameter

眉间皱痕 提交于 2019-12-08 08:24:26
问题 Hi in rails the nested parameters are passed with attributes appended to the key's and then its is passed to permit If I receive normal hash and want to append attribute to each nested key before permit is called How to do that ? "project":{ "project_name":"test", "tentative_start_date":"2018-12-12", "tentative_end_date":"2019-12-12", "project_roles":[ { "role_id":1, "project_role_skills":[ { "skill":{ "skill_type":"C++", "id":2 } } ], "project_role_users":[ ], "role_end_date":"2018-12-12",

Strong parameters: Unpermitted parameters: tags in has_many_through relation

大憨熊 提交于 2019-12-08 03:47:30
I have a few models/controllers: event.rb: class Event < ActiveRecord::Base belongs_to :category belongs_to :user has_many :event_tags has_many :tags, through: :event_tags has_many :event_skills has_many :skills, through: :event_skills tag.rb class Tag < ActiveRecord::Base has_many :events, through: :event_tags has_many :event_tags end event_tag.rb class EventTag < ActiveRecord::Base belongs_to :event belongs_to :tag end user.rb: class User < ActiveRecord::Base has_many :events # organized_events events_controller.rb class EventsController < ApplicationController ... def create @event = Event
订阅 strong-parameters