#permit fails with date helper inputs #15

Open
nakajima opened this Issue Mar 29, 2012 · 7 comments

6 participants

@nakajima

Since the date form helpers use parameters like published_at(1i), published_at(2i), etc, calling params.permit(:published_at) fails. Our current solution is to just list the generated parameter names in the permit call, but it might be worth revisiting this at some point.

@foohey

I'm running into issues with mongoid

Saying:

  def actu_params
    allowed_attributes = [:title, :subtitle, :body, :pages_attributes, :image_id]
    allowed_attributes += ["publish_at(3i)", "publish_at(2i)", "publish_at(1i)", "publish_at(4i)", "publish_at(5i)"]
    allowed_attributes += [:user_id, :draft, :slidable] if current_user.has_role?(:superadmin)
    params.require(:actu).permit(*allowed_attributes)
  end

return WARNING: Can't mass-assign protected attributes: id (that happen only with publish_at fields


If I put attributes in symbols (Like my working ActiveRecord version)

allowed_attributes += [:"publish_at(3i)", :"publish_at(2i)", :"publish_at(1i)", :"publish_at(4i)", :"publish_at(5i)"]

Now I'm getting an exception:
SyntaxError in Admin::ActusController#update

Full trace: http://pastehtml.com/view/c5bqljgnz.html

  def update
    if @actu.update_attributes(actu_params)
      redirect_to edit_admin_actu_path(@actu), notice: "updated"
    else
      render :edit
    end
  end

The same thing is working great with AR

EDIT: not a strong_parameters issue. http://mongoid.org/en/mongoid/docs/rails.html#multi_param

sorry !

@xanview

So after adding include Mongoid::MultiParameterAttributes, all works fine for you with Mongoid?

@foohey

@hackeron yes, here my params for a full datetime (publish_at)

  def article_params
    allowed_attributes = [:title, :subtitle, :body, :pages_attributes, :image_id, :game_id, :console_ids]
    allowed_attributes += [:"publish_at(3i)", :"publish_at(2i)", :"publish_at(1i)", :"publish_at(4i)", :"publish_at(5i)"]
    allowed_attributes += [:user_id, :draft, :slidable] if current_user.has_role?(:superadmin)
    params.require(:actu).permit(*allowed_attributes)
  end
@dpmccabe

This is also a problem with ActiveRecord. You mus also specify attributes like :"exam_time(1i)", :"exam_time(2i)", :"exam_time(3i)", :"exam_time(4i)", :"exam_time(5i)" in addition to :exam_time.

@foohey

Seems fixed by only defining :publish_at on 0.2.0

@rthbound

@nakajima, can you confirm the problem has been fixed (@foohey suggests it has been) and close the issue if so?

@awakia

hi, any updates for this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment