You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Once the action is triggered, the params object will return a filtered list of params. Therefore, if the action is called with
POST /signup?first_name=Simone&last_name=Carletti&email=whatever&foo=bar
the action will strip the unallowed foo parameter. In most cases, this is what we want. However, let's assume that I have a command (similar to the Interactor @jodosha's idea) that I use to process the signup, that takes as input a whitelisted Hash of signup attributes.
So far so good. But our use case is a little bit more complex. We want to allow people to signup, and being redirected to a specific return_to path passed in query string, or a default url if the return path is not present.
Here we have a problem. I don't have access anymore to the return_to. There are a number of possible workarounds, however both @jodosha and I agree that there should be a way to access the unfiltered list of params in a request.
This is just a possible use case, but there are a lot of them.
API
This is a call for feedback. Some options are:
params.raw[:whatever]
params.original[:whatever]
Proposals?
The text was updated successfully, but these errors were encountered:
I don't think we should have two API. params should always represent the expected, (filtered if required) param list.
However, there should be a way to access the original, unfiltered list. If no param filtering is set, then params and params.original (or whatever name is) would be the same.
I don't think we should have two API. params should always represent the expected, (filtered if required) param list.
👍 This will keep the existing whitelisting semantic.
I'm for naming it #raw.
Technical implementation
We can rename Params#_params with Params#_raw.
This method should memoize the result of that computation in @raw. This should be a Lotus::Utils::Attributes instance, in order to guarantee "indifferent access" until we drop support for 2.2-.
As last thing, we should expose an attr_reader :raw.
This is the result of a chat I had with @jodosha about a real-world scenario.
Scenario
Let's suppose I configure an action with some param whitelisting.
Once the action is triggered, the
params
object will return a filtered list of params. Therefore, if the action is called withthe action will strip the unallowed
foo
parameter. In most cases, this is what we want. However, let's assume that I have a command (similar to the Interactor @jodosha's idea) that I use to process the signup, that takes as input a whitelisted Hash of signup attributes.So far so good. But our use case is a little bit more complex. We want to allow people to signup, and being redirected to a specific
return_to
path passed in query string, or a default url if the return path is not present.Here we have a problem. I don't have access anymore to the
return_to
. There are a number of possible workarounds, however both @jodosha and I agree that there should be a way to access the unfiltered list of params in a request.This is just a possible use case, but there are a lot of them.
API
This is a call for feedback. Some options are:
params.raw[:whatever]
params.original[:whatever]
Proposals?
The text was updated successfully, but these errors were encountered: