strong parameter support refined to allow standard Rails 4 notation #286

merged 1 commit into from Apr 4, 2014

This commit allows one to use standard rails 4 params.require().permit() notation.
It's done in such a way that this doesn't clash with permitted_params if it's already defined. But if it doesn't, then default permitted_params falls back to a permitting method with resource-specific name.
Method user should define is the same as scaffold generates and thus the same as other gems such as cancan will try to handle.


I think it's a good idea, but the tests should probably test the "required" support. Some quick testing seems to show that it works fine for the "update" controller action.. but it fails for me on the "new" controller action: a 'Required parameter missing' error occurs on the new action, which isn't normal rails behavior. The new action builds a resource and calls resource_params.


@travisp Thank you for a response! Actually I didn't tested it with strong_parameters, and did only testing with stubs. I'll try to fix it.


@travisp Can you please show code which caused the failure? In my tests everything works.


@prijutme4ty Your code testing the new action should be "get :new, {}" because the new action typically does not have any parameters passed to it.

This test fails:

  def test_resource_params_from_new
    get :new, {}
    assert_response :success
    assert assigns(:widget)

Results in: "Expected response to be a <:success>, but was <400>" and response.body after the get request contains "Required parameter missing: hotel"


@travisp Understood the problem. I believe, it's due to inherited_resources using strong_parameter sanitization on new action, while it's not a common practice. I'll try to distinguish new and create action when call #build_resource


I'm having the same problem with the new action.


@rafaelgoulart The code still hasn't been updated to deal with it. I might take a shot in a few weeks if nobody else gets to it: it would be very nice if inherited_resources could work with standard strong_parameters syntax and would also allow the use of "requires".


I've come to the conclusion that the API I used in #260 was stupid, and this one is much better. I'll help out if my schedule opens up.


Any news? Would love to see this merged.


This proposed API makes so much more sense. The current strong parameters solution is pretty awkward to use correctly.


It would be pretty helpful to add a note to the README meanwhile.

As I understand it (after some testing and debugging inside IR), permitted_params must not use params.require(:model).permit(...), but rather params.permit(...). When require is set, IR receives empty parameters from BaseHelpers.build_resource_params so the model is empty.



To address the new issue, you can skip building params if request.get?

@onemanstartup onemanstartup referenced this pull request Nov 8, 2013

Update #335





Any chance of merge for this PR?


If @prijutme4ty can make the PR merge cleanly, I'd be happy to merge it.


Ping @prijutme4ty


@travisp @joelmoss Tried to resolve issue with new action by rescuing an exception. More detailed explanation in a comment before #permitted_params method. Is it acceptable?
Everybody, sorry for such a long delay.

@joelmoss joelmoss merged commit 1e18617 into josevalim:master Apr 4, 2014


@VorontsovIE VorontsovIE deleted the VorontsovIE:strong_params branch Apr 4, 2014


@seanlinsley seanlinsley referenced this pull request in activeadmin/activeadmin Jun 3, 2014

Inherited Resources 1.5.0 #3189

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment