
    Strong Parameters in Rails

    Strong parameters keep Action Controller parameters out of Active Model mass assignment until they have been whitelisted. It is basically a safeguard for sensitive model updates. To see how this works, look at the code below and go through it step by step.

    class AdminController < ActionController::Base
      # Raises ActiveModel::ForbiddenAttributesError because it uses mass
      # assignment without an explicit permit step
      def create
        Admin.create(params[:admin])
      end

      # Passes as long as params has an :admin key and raises
      # ActionController::ParameterMissing if the key is absent.
      # The update receives only the permitted admin_params, not raw params.
      def update
        admin = Admin.find(params[:id])
        admin.update!(admin_params)
        redirect_to admin
      end

      private

      # Only the attributes permitted here are passed on to the model
      def admin_params
        params.require(:admin).permit(:name, :role, :contact, :position)
      end
    end

    Rails allows you to permit scalar values, e.g. :id, so that anything other than a scalar, such as an array, a hash or another object, can't be injected in its place. Permitted scalar types are: String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile, and Rack::Test::UploadedFile.

    # To whitelist a scalar id
    params.permit(:id)
    # If the value in params needs to be an array of permitted scalar values
    params.permit(id: [])
    # To permit an entire hash of parameters (permit! skips filtering for
    # everything under that key, so keep it away from sensitive models)
    params.require(:admin).permit!
    # To permit nested parameters, you can define them like this
    params.permit(:name, { contacts: [] },
                  managers: [ :name,
                             { projects: [ :name ], categories: [] }])

    You can use fetch to supply a default and then apply the Strong Parameters API:

    params.fetch(:master, {}).permit(:name, :specialization)

    To handle accepts_nested_attributes_for in combination with a has_many association, you can use it like this:

    # To whitelist the following data:
    # {
    #   "blog" => {
    #     "title" => "Rails Applications",
    #     "categories" => {
    #       "1" => {"cat-name" => "Form Helpers"},
    #       "2" => {"cat-name" => "Associations"}
    #     }
    #   }
    # }
    # A symbol that contains a hyphen has to be quoted: :"cat-name"
    params.require(:blog).permit(:title, categories: [:"cat-name"])
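
    The filtering rules above, as an added example that is not from the original post and is not Rails' own code: a simplified pure-Ruby model of permit, run over constructed parameters so it works without Rails. The names permit, permit_nested, REQUEST and demo, and the owner_id and approved keys, are assumptions made for illustration.

```ruby
require "date"
require "stringio"

# Scalar types the article lists (the two UploadedFile classes need Rails, so are omitted).
SCALARS = [String, Symbol, NilClass, Numeric, TrueClass, FalseClass,
           Date, Time, DateTime, StringIO, IO].freeze

def scalar?(value)
  SCALARS.any? { |type| value.is_a?(type) }
end

# Hypothetical stand-in for params.permit: a Symbol filter keeps a scalar value,
# a Hash filter maps a key to [] (array of scalars) or to a nested filter list.
def permit(params, *filters)
  filters.each_with_object({}) do |filter, out|
    if filter.is_a?(Hash)
      filter.each { |key, rule| permit_nested(params, key.to_s, rule, out) }
    elsif params.key?(filter.to_s) && scalar?(params[filter.to_s])
      out[filter.to_s] = params[filter.to_s]
    end
  end
end

def permit_nested(params, key, rule, out)
  value = params[key]
  if rule == []
    out[key] = value if value.is_a?(Array) && value.all? { |v| scalar?(v) }
  elsif value.is_a?(Array)
    out[key] = value.grep(Hash).map { |v| permit(v, *rule) }
  elsif value.is_a?(Hash)
    # Numeric-keyed hashes are how forms submit has_many nested attributes.
    rows = value.select { |k, v| k.match?(/\A-?\d+\z/) && v.is_a?(Hash) }
    out[key] = rows.empty? ? permit(value, *rule) : rows.transform_values { |v| permit(v, *rule) }
  end
end

# Constructed request parameters: the article's blog hash plus keys no filter lists.
REQUEST = {
  "id"   => ["1", "2"],
  "blog" => { "title" => "Rails Applications", "owner_id" => "42",
              "categories" => { "1" => { "cat-name" => "Form Helpers", "approved" => "true" },
                                "2" => { "cat-name" => "Associations" } } }
}.freeze

def demo
  { scalar_id: permit(REQUEST, :id),        # array where a scalar is expected: dropped
    array_id:  permit(REQUEST, id: []),     # array of scalars: kept
    blog:      permit(REQUEST["blog"], :title, categories: [:"cat-name"]) }
end
```

    Calling demo shows that the unlisted owner_id and approved keys never reach the model, and that an array sent for id only survives when the filter is declared as id: [].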
