Only show form input fields in permit_params #5722
Conversation
marclerodrigues
force-pushed
the
5390-only-show-input-fields-in-permit-params
branch
2 times, most recently
from
0328a3b
to
6228cff
Compare
deivid-rodriguez
force-pushed
the
5390-only-show-input-fields-in-permit-params
branch
from
6228cff
to
e5f16cb
Compare
| permit_params do | ||
| permitted = [] | ||
| permitted << :title | ||
| permitted << :body |
There was a problem hiding this comment.
We should improve these docs to showcase when this version can be useful over a static list.
|
In other words, how could this break existing applications? It will definitely remove existing form inputs from default forms, but those inputs should be ignored since they're not permitted at the controller level... 🤔. |
|
I can see why we'd want to drive the form from params but params can be complex. What happens here with nested params? Does something go wrong or it works or is just ignored? |
|
|
||
| if active_admin_config.build_form_with_permitted_params_only | ||
| f.inputs do | ||
| controller.form_params.each do |param| |
There was a problem hiding this comment.
what if permit params are defined with nested attributes (accepts_nested_attributes_for) ?
|
Both good questions, thanks! I think this PR needs more work, so I'll try to have a closer look and address your concerns. |
|
👀 |
|
As mentioned in the issue, I don't think this is worth doing even for the simple case of just one level of params. This can get quite complex. I haven't seen any movement on this other than "that would be nice" and I think it's just because it's easier to declare the form and customize as needed. |
Closes #5390.
Closes #3308.
Adds an option to the resource class named
build_form_with_permitted_params_onlyin order to avoid breaking existing applications that depends on the current behavior. Once this is set totruethe rendered form will only contain the fields specified in thepermit_paramsmethod.