I am trying to implement a simple search and sort for my webapp. I am following the railscast and this railscast.
My application helper for sortable function which I am using as link is:
def sortable(column, title = nil)
title ||= column.titleize
css_class = column == sort_column ? "current #{sort_direction}" : nil
direction = column == sort_column && sort_direction == "asc" ? "desc" : "asc"
link_to title, params.merge(:sort => column, :direction => direction, :page => nil), {:class => css_class}
end
I am using these in the view. In the controller I am using white listing as:
@listingssearch.where(:vehicletype => 'Car').order(sort_column + " " + sort_direction).paginate(:page => params[:page], :per_page => 30)
Private Methods for sanitization:
private
def sort_column
Listing.column_names.include?(params) ? params[:sort] : "rateperhour"
end
def sort_direction
%w[asc desc].include?(params[:direction]) ? params[:direction] : "asc"
end
I tried using merge in the private method:
(Listing.column_names + params) but its not working
For the helper methods I am getting an error when I am trying to provide search params to the sorting link: unable to convert unpermitted parameters to hash
It shows the error is for merge
link_to title, params.merge(:sort => column, :direction => direction, :page => nil), {:class => css_class}
The otherway around works fine:
<%= bootstrap_form_for listings_path, :method => 'get' do %>
<%= hidden_field_tag :direction, :value => params[:direction] %>
<%= hidden_field_tag :sort,:value => params[:sort] %>
<div class= "col-sm-12 col-lg-12 col-md-12" style = "margin: auto;">
<h6 style = "color:#7C064D;"><strong> PICK A DATE <span class="glyphicon glyphicon-calendar"></span></strong>
<%= date_field_tag :startdate, params[:startdate], placeholder: 'DATE' %>
</h6>
</div>
<div class= "col-sm-12 col-lg-12 col-md-12" style = "margin: auto;">
<p>
<%= text_field_tag :near, params[:near], placeholder: ' Destination' %>
<%= text_field_tag :radius, params[:radius], placeholder: ' Search Radius' %>
</p>
</div>
<div class= "col-sm-12 col-lg-12 col-md-12" style = "margin: auto;">
<p>
<%= text_field_tag :min, params[:min], placeholder: ' Minimum Rate Per Hour' %>
<%= text_field_tag :max, params[:max], placeholder: ' Maximum Rate Per Hour' %>
</p>
</div>
<div class= "col-sm-12 col-lg-12 col-md-12" style = "margin-top: 10px;">
<%= submit_tag "Search", class: "btn btn-info", style: "width: 40%; background-color: #E20049; border: #e20049;" %>
<%= link_to 'View All', root_path, class: "btn btn-info", style: "width: 40%; background-color: #E20049; border: #e20049;" %>
</div>
<!-- <div class= "col-sm-6 col-lg-6 col-md-6" style = "margin-top: 10px;">
</div> -->
<% end %>
My question is How to persist search params in sort helper methods in rails 5? What I am doing wrong?
In Rails 5, ActionController::Parameters
no longer inherits from Hash
, in an attempt to discourage people from using Hash
-related methods on the request parameters without explicitly filtering them.
As part of this pull request, which was backported into Rails 5.1 and partially into Rails 5.0, an exception is raised if you try to call to_h
on the parameters object without calling permit
.
Calling merge
on the original params
object (params.merge(:sort => column, :direction => direction, :page => nil)
) returns a new ActionController::Parameters
object with the same permitted
status (that is, permit
has not been called on it). The link_to
method then ends up calling to_h
on that object, which raises the exception.
If you know which parameters should be allowed in the link, you can call permit
with those listed.
params.permit(:param_1, :param_2).merge(:sort => column, :direction => direction, :page => nil)
# OR
params.merge(:sort => column, :direction => direction, :page => nil).permit(:param_1, :param_2, :sort, :direction, :page)
If you don't know which parameters could be included in the link, then you could use request.parameters.merge(...)
(as mentioned in this answer) or params.to_unsafe_h.merge(...)
. Both of these basically circumvent the strong-parameters protection when creating the link. By default, that means that any parameters that were in the original request would also appear in the link URL. I would guess that isn't too risky in this particular situation, but if you have code elsewhere that doesn't sanitize the parameters properly, this could make that situation a little worse.
You can use this hack:
params.to_enum.to_h
I think rails developers will restrict it when they know it's the way to use unpermitted parameters. :)
you can try to use request.parameters.merge, below is sample for your code above
<%= link_to title, listings_path(request.parameters.merge({:sort => "column", :direction => "direction", :page => nil})), :class => "form-control css_class" %>
I believe if you pass column to permit it should get you working again!
def sortable(column, title = nil)
title ||= column.titleize
css_class = column == sort_column ? "current #{sort_direction}" : nil
direction = column == sort_column && sort_direction == "asc" ? "desc" : "asc"
link_to title, params.permit(column).merge(sort: column, direction: direction, page: nil), { class: css_class }
end
来源:https://stackoverflow.com/questions/46029084/rails-unable-to-convert-unpermitted-parameters-to-hash