strong parameter and json input rails 4

2019-02-13 18:21发布

问题:

I am trying to save data through JSON String in which I have nested associated attributes. I do not want to use attr_accessible. I almost got the logic of strong parameter but still got the problem to make them work. I am getting JSON string and using it to save data using this

data = request.body.read
@inputData = Person.new(JSON.parse(data))
@inputData.save!
if@inputData.valid?
  render :status => 200, :json => "Data inserted successfully"
else
  render :status => 404, :json => "Not Inserted "
end

I have defined permit strong parameter method allow nested attributes like this

def referral_params
params.require(:person).permit(:id, user_attributes: [:id, :first_name, :last_name, :email], device_attributes: [:id, :os_type, :os_version], location_attributes: [:id, :latitude, :longitude], duration_attributes[:id, :start_time, :end_time]) end

But I am not sure how to use this regerral_params method along with JSON input string....

回答1:

You could try changing your referral_params method to this:

def referral_params
  json_params = ActionController::Parameters.new( JSON.parse(request.body.read) )
  return json_params.require(:person).permit(:id, user_attributes: [:id, :first_name, :last_name, :email], device_attributes: [:id, :os_type, :os_version], location_attributes: [:id, :latitude, :longitude], duration_attributes[:id, :start_time, :end_time])
end

The first line inside the method parses your JSON (which returns a Ruby hash, if I remember correctly) and creates a new ActionController::Parameters object from that. The second one uses permit and require on that params-like object.

params is usually automatically created from post data key/value pairs, and will be of the type ActionController::Parameters. To use permit and require, you have to create an object of that class manually from a hash.


To then use these sanitized params, you have to change

@inputData = Person.new(JSON.parse(data))

to

@inputData = Person.new(referral_params)