Skip to content
Browse files

Revert "unpermitted params" exception -- it's just not going to work.…

… See the discussion on rails/strong_parameters#75.
  • Loading branch information...
1 parent ae3286b commit cc1c3c5be061e7572018f734e5239750ab449e3f @dhh dhh committed
View
53 actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -19,20 +19,6 @@ def initialize(param) # :nodoc:
end
end
- # Raised when a supplied parameter is not permitted.
- #
- # params = ActionController::Parameters.new(a: "123", b: "456")
- # params.permit(:c)
- # # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
- class UnpermittedParameters < IndexError
- attr_reader :params # :nodoc:
-
- def initialize(params) # :nodoc:
- @params = params
- super("found unpermitted keys: #{params.join(", ")}")
- end
- end
-
# == Action Controller \Parameters
#
# Allows to choose which attributes should be whitelisted for mass updating
@@ -57,14 +43,10 @@ def initialize(params) # :nodoc:
# Person.first.update!(permitted)
# # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
#
- # It provides two options that controls the top-level behavior of new instances:
- #
- # * +permit_all_parameters+ - If it's +true+, all the parameters will be
- # permitted by default. The default is +false+.
- # * +raise_on_unpermitted_parameters+ - If it's +true+, it will raise an
- # ActionController::UnpermittedParameters exception if parameters that are not
- # explicitly permitted are found. The default value is +true+ in test and
- # development environments, +false+ otherwise.
+ # It provides a +permit_all_parameters+ option that controls the top-level
+ # behaviour of new instances. If it's +true+, all the parameters will be
+ # permitted by default. The default value for +permit_all_parameters+
+ # option is +false+.
#
# params = ActionController::Parameters.new
# params.permitted? # => false
@@ -74,16 +56,6 @@ def initialize(params) # :nodoc:
# params = ActionController::Parameters.new
# params.permitted? # => true
#
- # params = ActionController::Parameters.new(a: "123", b: "456")
- # params.permit(:c)
- # # => {}
- #
- # ActionController::Parameters.raise_on_unpermitted_parameters = true
- #
- # params = ActionController::Parameters.new(a: "123", b: "456")
- # params.permit(:c)
- # # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
- #
# <tt>ActionController::Parameters</tt> is inherited from
# <tt>ActiveSupport::HashWithIndifferentAccess</tt>, this means
# that you can fetch values using either <tt>:key</tt> or <tt>"key"</tt>.
@@ -93,11 +65,6 @@ def initialize(params) # :nodoc:
# params["key"] # => "value"
class Parameters < ActiveSupport::HashWithIndifferentAccess
cattr_accessor :permit_all_parameters, instance_accessor: false
- cattr_accessor :raise_on_unpermitted_parameters, instance_accessor: false
-
- # Never raise an UnpermittedParameters exception because of these params
- # are present. They are added by Rails and it's of no concern.
- NEVER_UNPERMITTED_PARAMS = %w( controller action )
# Returns a new instance of <tt>ActionController::Parameters</tt>.
# Also, sets the +permitted+ attribute to the default value of
@@ -255,8 +222,6 @@ def permit(*filters)
end
end
- raise_on_unpermitted_parameters!(params)
-
params.permit!
end
@@ -335,16 +300,6 @@ def each_element(object)
yield object
end
end
-
- def raise_on_unpermitted_parameters!(params)
- if self.class.raise_on_unpermitted_parameters && unpermitted_keys(params).any?
- raise ActionController::UnpermittedParameters.new(unpermitted_keys(params))
- end
- end
-
- def unpermitted_keys(params)
- self.keys - params.keys - NEVER_UNPERMITTED_PARAMS
- end
end
# == Strong \Parameters
View
17 actionpack/lib/action_controller/railtie.rb
@@ -20,25 +20,22 @@ class Railtie < Rails::Railtie #:nodoc:
end
initializer "action_controller.parameters_config" do |app|
- options = app.config.action_controller
-
- ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
- ActionController::Parameters.raise_on_unpermitted_parameters = options.delete(:raise_on_unpermitted_parameters) { Rails.env.test? || Rails.env.development? }
+ ActionController::Parameters.permit_all_parameters = app.config.action_controller.delete(:permit_all_parameters) { false }
end
initializer "action_controller.set_configs" do |app|
paths = app.config.paths
options = app.config.action_controller
- options.logger ||= Rails.logger
- options.cache_store ||= Rails.cache
+ options.logger ||= Rails.logger
+ options.cache_store ||= Rails.cache
- options.javascripts_dir ||= paths["public/javascripts"].first
- options.stylesheets_dir ||= paths["public/stylesheets"].first
+ options.javascripts_dir ||= paths["public/javascripts"].first
+ options.stylesheets_dir ||= paths["public/stylesheets"].first
# Ensure readers methods get compiled
- options.asset_host ||= app.config.asset_host
- options.relative_url_root ||= app.config.relative_url_root
+ options.asset_host ||= app.config.asset_host
+ options.relative_url_root ||= app.config.relative_url_root
ActiveSupport.on_load(:action_controller) do
include app.routes.mounted_helpers
View
43 actionpack/test/controller/parameters/raise_on_unpermitted_parameters_test.rb
@@ -1,43 +0,0 @@
-require 'abstract_unit'
-require 'action_controller/metal/strong_parameters'
-
-class RaiseOnUnpermittedParametersTest < ActiveSupport::TestCase
- def setup
- ActionController::Parameters.raise_on_unpermitted_parameters = true
- end
-
- def teardown
- ActionController::Parameters.raise_on_unpermitted_parameters = false
- end
-
- test "raises on unexpected params" do
- params = ActionController::Parameters.new({
- book: { pages: 65 },
- fishing: "Turnips"
- })
-
- assert_raises(ActionController::UnpermittedParameters) do
- params.permit(book: [:pages])
- end
- end
-
- test "raises on unexpected nested params" do
- params = ActionController::Parameters.new({
- book: { pages: 65, title: "Green Cats and where to find then." }
- })
-
- assert_raises(ActionController::UnpermittedParameters) do
- params.permit(book: [:pages])
- end
- end
-
- test "action and controller keys are safe to ignore" do
- params = ActionController::Parameters.new({
- action: 'index', controller: 'stuff', book: { pages: 65 }
- })
-
- assert_nothing_raised do
- params.permit(book: [:pages])
- end
- end
-end
View
48 railties/test/application/configuration_test.rb
@@ -577,54 +577,6 @@ def create
assert_equal 'permitted', last_response.body
end
- test "config.action_controller.raise_on_unpermitted_parameters = true" do
- app_file 'app/controllers/posts_controller.rb', <<-RUBY
- class PostsController < ActionController::Base
- def create
- render text: params.require(:post).permit(:name)
- end
- end
- RUBY
-
- add_to_config <<-RUBY
- routes.prepend do
- resources :posts
- end
- config.action_controller.raise_on_unpermitted_parameters = true
- RUBY
-
- require "#{app_path}/config/environment"
-
- assert_equal true, ActionController::Parameters.raise_on_unpermitted_parameters
-
- post "/posts", {post: {"title" =>"zomg"}}
- assert_match "We're sorry, but something went wrong", last_response.body
- end
-
- test "config.action_controller.raise_on_unpermitted_parameters is true by default on development" do
- ENV["RAILS_ENV"] = "development"
-
- require "#{app_path}/config/environment"
-
- assert_equal true, ActionController::Parameters.raise_on_unpermitted_parameters
- end
-
- test "config.action_controller.raise_on_unpermitted_parameters is true by defaul on test" do
- ENV["RAILS_ENV"] = "test"
-
- require "#{app_path}/config/environment"
-
- assert_equal true, ActionController::Parameters.raise_on_unpermitted_parameters
- end
-
- test "config.action_controller.raise_on_unpermitted_parameters is false by default on production" do
- ENV["RAILS_ENV"] = "production"
-
- require "#{app_path}/config/environment"
-
- assert_equal false, ActionController::Parameters.raise_on_unpermitted_parameters
- end
-
test "config.action_dispatch.ignore_accept_header" do
make_basic_app do |app|
app.config.action_dispatch.ignore_accept_header = true

0 comments on commit cc1c3c5

Please sign in to comment.
Something went wrong with that request. Please try again.