Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Strong Parameters in Rails

    • 0
    • 1
    • 1
    • 2
    • 0
    • 0
    • 0
    • 0
    • 445
    Comment on it


    Strong Parameters in Rails

    Strong parameters are used to prevent the action controller parameters that are used in Active Model Mass Assignment. If you want to use them, you need to white-list them. It is basically used as a security for sensitive model updates. Lets know, how this can be achieved, first just look into the code given below and understand it step-by-step.

    class AdminController < ActionController::Base
      # It will raise an ActiveModel::ForbiddenAttributes exception for using mass assignment
      def create
        Admin.create(params[:admin])
      end
     
      # Here it will pass as long as it has admin key and will throw 
      #    ActionController::ParameterMissing if it will not get
      # here we are not doing mass assignment on update
      def update
        admin = Admin.find(params[:id])
        admin.update!(admin_params)
        redirect_to admin
      end
     
      private
        # Here we are permitting the admin_params to be passed in to the ActiveModel
        def admin_params
          params.require(:admin).permit(:name, :role, :contact, :position)
        end
    end
    


    Rails allows you to permit scalar values,i.e. :id, so that anything other than this like array, hashes or object can't be injected into it. Permitted scalar types are: String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile, and Rack::Test::UploadedFile.

    # To whitelist id
    params.permit(:id)
    
    # If the value in params needed to be an array of permitted scalar values 
    params.permit(id: [])
    
    # To permit an entire hash of parameters
    params.require(:entries).permit!
    
    # To permit nested parameters, you can define them like this
    params.permit(:name, { contacts: [] },
                  managers: [ :name,
                             { projects: [ :name ], categories: [] }])
    


    You can use fetch to supply a default and use Strong Parameter API :

    params.fetch(:master, {}).permit(:name, :specialization)
    


    To deal with accepts_nested_attributes_for in combination with has_many association, you can use it as:

    # To whitelist the following data:
    # {
    #    "blog" => {
    #              "title" => "Rails Applications",
    #             "categories" => { 
    #                              "1" => {"cat-name" => "Form Helpers"},
    #                             "2" => {"cat-name" => "Associations"}
    #                              }
    #              }
    #  }
     
    params.require(:blog).permit(:title, categories: [:cat-name])
    


    Hope you liked this, For more click here.

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: