Skip to content

File upload with Strong Parameters #114

Closed
firedev opened this Issue Mar 8, 2013 · 11 comments

5 participants

@firedev
firedev commented Mar 8, 2013

I am porting an application that uses Carrierwave to Rails 4, but I have problems with strong params. I have a model with

accepts_nested_attributes_for :photos

Here is how CW passes uploaded images:

{
    # ...
    "model"=>
    {
        # ...
        "photos_attributes"=>
        {
            "1362752177921"=>
            {
                "image"=>"test.jpg",
                "title"=>"test",
                "_destroy"=>"false"
            }
        }
    }
}

However I can't seem to figure out how to write parameters that will accept photos_attributes.

I have tried .permit(photos_attributes: {}) but it simply skips everything inside the photo params hash (image, title, _destroy) . When I use permit!, it might almost work, but first of all this is kinda lame. And then the uuid that is created inside the model before saving doesn't appear in SQL on save and this is the second issue:

photos.uuid may not be NULL: INSERT INTO "photos" ("created_at", "model_id", "image", "title", "updated_at") VALUES (?, ?, ?, ?, ?)

Documentation is seriously lacking here and I am not even sure how to proceed.

How to accept an array of nested parameters? How to add additional parameters for nested models when saving?

@esambo
esambo commented Mar 8, 2013

Perhaps your photos_attributes object is not one of the supported types: https://github.com/rails/strong_parameters#permitted-scalar-values

@firedev
firedev commented Mar 8, 2013

It's just a key in params hash, besides what now, I can't upload files anymore?

@rafaelfranca
Ruby on Rails member

have you tried .permit(photos_attributes: {})?

@fxn
Ruby on Rails member
fxn commented Mar 8, 2013

The permit method is a whitelist filter. Either you know what to expect and declare it, or else you cannot whitelist it. If you cannot whitelist then it follows you need to trust whatever comes.

@firedev
firedev commented Mar 8, 2013

@fxn Yes, I expect an array of hashes with nested values for photos. So can I whitelist it? And the other question is how can I make to save the uuid attribute which exists in the model when it is getting saved, but isn't appearing in the actual sql query?

@rafaelfranca Yes, that is what I've tried, params return this then:

Unpermitted parameters: image, title, _destroy
{
    #...
    "photos_attributes" => {
        "1362762269211" => {}
    }
}

But it skips the hash inside.

@fxn
Ruby on Rails member
fxn commented Mar 8, 2013

I cannot try now, but if my memory is not wrong (rare, but sometimes it happens!) I believe you can declare the atributes as if they were direct children. Strong parameters special-cases hashes whose keys are integers.

@firedev
firedev commented Mar 8, 2013

In fact this worked, thanks!

.permit( ..., :photos_attributes => ['title', 'image', '_destroy'])
@firedev firedev closed this Mar 8, 2013
@fxn
Ruby on Rails member
fxn commented Mar 8, 2013

@senny maybe we could add it to the "more examples" section?

@senny
Ruby on Rails member
senny commented Mar 8, 2013

@fxn I'll add an example for hashes with integer keys!

@senny
Ruby on Rails member
senny commented Mar 9, 2013

I added the example: rails/docrails@1d8b566

@fxn
Ruby on Rails member
fxn commented Mar 9, 2013

Fantastic Yves!

@sgerrand sgerrand pushed a commit to sgerrand/rails that referenced this issue Nov 2, 2013
@senny senny strong parameter example for hashes with integer keys.
This replicates the situation described in
rails/strong_parameters#114
1d8b566
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.