Strong Parameters in Rails
Strong parameters protect Active Model mass assignment from untrusted Action Controller parameters: any attribute you want to mass-assign from a request has to be explicitly whitelisted, which is what makes sensitive model updates safe. Let's see how this is achieved; first look at the code given below and go through it step by step.
class AdminController < ActionController::Base
  # Mass-assigning the raw, unpermitted params raises
  # ActiveModel::ForbiddenAttributesError
  def create
    Admin.create(params[:admin])
  end

  # admin_params passes as long as the :admin key is present and raises
  # ActionController::ParameterMissing if it is not; update! then only
  # mass-assigns the permitted attributes
  def update
    admin = Admin.find(params[:id])
    admin.update!(admin_params)
    redirect_to admin
  end

  private

  # Only these attributes of :admin are permitted to reach the model
  def admin_params
    params.require(:admin).permit(:name, :role, :contact, :position)
  end
end
Rails lets you permit scalar values, e.g. :id, so that arrays, hashes or other objects cannot be injected in their place. The permitted scalar types are: String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile, and Rack::Test::UploadedFile.
# To whitelist id
params.permit(:id)

# If the value in params needs to be an array of permitted scalar values
params.permit(id: [])

# To permit an entire hash of parameters
params.require(:entries).permit!

# To permit nested parameters, you can define them like this
params.permit(:name, { contacts: [] },
              managers: [ :name,
                          { projects: [ :name ], categories: [] } ])
You can use fetch to supply a default and then use the Strong Parameters API:
params.fetch(:master, {}).permit(:name, :specialization)
To deal with accepts_nested_attributes_for in combination with a has_many association, you can use it like this:
# To whitelist the following data:
# {
#   "blog" => {
#     "title" => "Rails Applications",
#     "categories" => {
#       "1" => {"cat-name" => "Form Helpers"},
#       "2" => {"cat-name" => "Associations"}
#     }
#   }
# }
# (a hash whose keys are all integers is treated as an array of
# category records; the key contains a hyphen, so it must be quoted
# to be a valid symbol)
params.require(:blog).permit(:title, categories: [:"cat-name"])
Hope you liked this. For more, click here.