Add Support for Strong Parameters (1.6) #838

madmax commented Mar 16, 2013

Hi,

This pull request adds support for strong parameters.
Example:

class PostController
  load_and_authorize_resource

  private

  def post_params
    params.fetch(:post, {}).permit(:title, :content)
  end

end

This is for 1.6 version

This still gives an error on the new action when the require(:param) is present.

madmax commented Apr 2, 2013

@hellojere when you look at the Rails guides, there is a nice example of how to use strong parameters in the new/edit actions

http://edgeguides.rubyonrails.org/action_controller_overview.html#more-examples

example:

def blog_params
  params.fetch(:blog, {}).permit(:title, :author)
end

rmoriz commented Apr 12, 2013

Three issues:

  1. I can confirm @hellojere's problem.

    example:

    class AccountDomainsController < ApplicationController
      load_and_authorize_resource class: 'Domain'

      private

      def domain_params
        params[:domain].permit(:full_name)
      end
    end

    Error: "undefined method `permit' for nil:NilClass" when accessing the new action

    • a fix would probably be to skip the method if there are no params?
    • workaround:
      params[:class] && params[:class].permit(:whatever)
  2. the params method should IMHO be named like the current controller/model instance, in my case account_domain_params

  3. Using Rails 4.0.0b1, it looks like skipping the strong params check (e.g. removing the method or invalid naming) will not produce ANY error! include ActiveModel::ForbiddenAttributesProtection within the model does not help! Risky…

madmax commented Apr 12, 2013

@rmoriz

  1. I wrote above how you should define the params method; it is the convention that you will find in the Rails guide
  2. You can have multiple params methods in one controller.
  3. Did you try recent version from master branch?

rmoriz commented Apr 12, 2013

@madmax

  1. what happens when you access the new action of your posts_controller example?
  2. but why not stick to the naming convention?

gem 'rails', github: 'rails/rails'
gem 'cancan', :github => 'moriz/cancan'   # which is ryanb/cancan master + your patch. https://github.com/moriz/cancan

  remote: git://github.com/rails/rails.git
  revision: 436d91869b7febc0030d79adea136add2f526e49
…
  remote: git://github.com/moriz/cancan.git
  revision: c1e86b9404be768a99f16128e68d944a5d365ce8

this definitely needs tests…

madmax commented Apr 13, 2013

@rmoriz read 4.5.3 More Examples from http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters

  1. params.fetch(:blog, {}).permit(:title, :author)
    Will always return a hash even if :blog is empty.
  2. The convention was always model names. When you have a register form, the controller will get params[:user], not params[:register], so why do you then want to name it register_params if it is user_params?

But it is up to you how you name this parameter; just pass the class param like you did.

+1
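
The three ways of reading the params discussed in this thread, run against a `new` request that carries no `:domain` key, as an added example that is not part of the pull request or of CanCan. `DemoParams` is a hypothetical, much simplified stand-in for Rails' `ActionController::Parameters`, and the requests and the `owner_id` field are constructed.

```ruby
# Hypothetical, simplified stand-in for ActionController::Parameters:
# flat keys only, no nesting rules, no `require`.
class DemoParams
  def initialize(hash = {})
    @data = hash.transform_keys(&:to_s)
  end

  # Missing key gives nil, as params[:domain] does on GET /new.
  def [](key)
    wrap(@data[key.to_s])
  end

  # Missing key gives the default, as params.fetch(:domain, {}) does.
  def fetch(key, default)
    wrap(@data.fetch(key.to_s, default))
  end

  # Keep only the whitelisted keys; everything else is dropped.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    @data.select { |k, _| allowed.include?(k) }
  end

  private

  def wrap(value)
    value.is_a?(Hash) ? DemoParams.new(value) : value
  end
end

# Constructed requests: `new` sends no :domain key, `create` sends one extra field.
NEW_REQUEST    = DemoParams.new({})
CREATE_REQUEST = DemoParams.new({ domain: { full_name: "example.org", owner_id: 1 } })

STYLES = {
  bracket: ->(prm) { prm[:domain].permit(:full_name) },
  guard:   ->(prm) { prm[:domain] && prm[:domain].permit(:full_name) },
  fetch:   ->(prm) { prm.fetch(:domain, {}).permit(:full_name) }
}.freeze

# Result of one style for one request; a NoMethodError is reported, not raised.
def outcome(style, params)
  STYLES.fetch(style).call(params)
rescue NoMethodError
  :no_method_error
end

STYLES.each_key { |s| puts "#{s}: new=#{outcome(s, NEW_REQUEST).inspect}" }
```

The guard style avoids the exception but hands back `nil`, so the caller still has to cope with a missing hash; the fetch style returns an empty hash and drops `owner_id` on the create request.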

xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!
