Permalink
Browse files

When executing permit with just a key that points to a hash, DO NOT a…

…llow all the hash

params.require(:person).permit(:projects_attributes) was returning
=> {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}}

When should return
=> {}

You should be doing ...
params.require(:person).permit(projects_attributes: :name)
to get just the projects attributes you want to allow
  • Loading branch information...
1 parent b91a90e commit bdd105d8b91c5d0881ab78e36a65a79fdca4a7fb @spastorino spastorino committed Oct 12, 2012
View
5 actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -177,7 +177,10 @@ def permit(*filters)
filters.each do |filter|
case filter
when Symbol, String then
- params[filter] = self[filter] if has_key?(filter)
+ if has_key?(filter)
+ value = self[filter]
+ params[filter] = value unless Hash === value
+ end
keys.grep(/\A#{Regexp.escape(filter)}\(\di\)\z/) { |key| params[key] = self[key] }
when Hash then
self.slice(*filter.keys).each do |key, values|
View
6 actionpack/test/controller/parameters/nested_parameters_test.rb
@@ -15,18 +15,22 @@ class NestedParametersTest < ActiveSupport::TestCase
details: {
pages: 200,
genre: "Tragedy"
+ },
+ id: {
+ isbn: 'x'
}
},
magazine: "Mjallo!"
})
- permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ]
+ permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages }, :id ]
assert permitted.permitted?
assert_equal "Romeo and Juliet", permitted[:book][:title]
assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
assert_equal 200, permitted[:book][:details][:pages]
+ assert_nil permitted[:book][:id]
assert_nil permitted[:book][:details][:genre]
assert_nil permitted[:book][:authors][0][:born]
assert_nil permitted[:magazine]

0 comments on commit bdd105d

Please sign in to comment.