File upload with Strong Parameters

[firedev]

I am porting an application that uses Carrierwave to Rails 4, but I have problems with strong params. I have a model with

accepts_nested_attributes_for :photos

Here is how CW passes uploaded images:

{
    # ...
    "model"=>
    {
        # ...
        "photos_attributes"=>
        {
            "1362752177921"=>
            {
                "image"=>"test.jpg",
                "title"=>"test",
                "_destroy"=>"false"
            }
        }
    }
}

However I can't seem to figure out how to write parameters that will accept photos_attributes.

I have tried .permit(photos_attributes: {}) but it simply skips everything inside the photo params hash (image, title, _destroy) . When I use permit!, it might almost work, but first of all this is kinda lame. And then the uuid that is created inside the model before saving doesn't appear in SQL on save and this is the second issue:

photos.uuid may not be NULL: INSERT INTO "photos" ("created_at", "model_id", "image", "title", "updated_at") VALUES (?, ?, ?, ?, ?)

Documentation is seriously lacking here and I am not even sure how to proceed.

How to accept an array of nested parameters? How to add additional parameters for nested models when saving?

[esambo]

Perhaps your photos_attributes object is not one of the supported types: https://github.com/rails/strong_parameters#permitted-scalar-values

[firedev]

It's just a key in params hash, besides what now, I can't upload files anymore?

[rafaelfranca]

have you tried .permit(photos_attributes: {})?

[fxn]

The permit method is a whitelist filter. Either you know what to expect and declare it, or else you cannot whitelist it. If you cannot whitelist then it follows you need to trust whatever comes.

[firedev]

@fxn Yes, I expect an array of hashes with nested values for photos. So can I whitelist it? And the other question is how can I make to save the uuid attribute which exists in the model when it is getting saved, but isn't appearing in the actual sql query?

@rafaelfranca Yes, that is what I've tried, params return this then:

Unpermitted parameters: image, title, _destroy
{
    #...
    "photos_attributes" => {
        "1362762269211" => {}
    }
}

But it skips the hash inside.

[fxn]

I cannot try now, but if my memory is not wrong (rare, but sometimes it happens!) I believe you can declare the atributes as if they were direct children. Strong parameters special-cases hashes whose keys are integers.

[firedev]

In fact this worked, thanks!

.permit( ..., :photos_attributes => ['title', 'image', '_destroy'])

[fxn]

@senny maybe we could add it to the "more examples" section?

[senny]

@fxn I'll add an example for hashes with integer keys!

[senny]

I added the example: https://github.com/lifo/docrails/commit/1d8b56647859fc0c66149642d83b29e3118d2cb0

[fxn]

Fantastic Yves!