Rails hashes with unknown keys and strong paramete

2019-02-17 11:35发布

站内问答 / Ruby
845 4 4

I have a rails application that stores a serialized hash in a field called properties.

The hashes keys are unknown though, so I don't know of a way to allow this with strong parameters.

When googling, I found this: https://github.com/rails/rails/issues/9454, but I couldn't figure out exactly what a solution would be.

So basically, my question is: How can you configure strong parameters to allow hashes with unknown keys?

Thanks for all help!

4条回答
SAY GOODBYE
2楼-- · 2019-02-17 11:55

None of these answers worked for me (using Rails 4.2.4), so I figured out the following workaround:

def product_params properties_keys = params[:product][:properties].keys params.require(:product).permit(:title, :description, properties: properties_keys) end

Hope that helps someone.

查看更多
0人赞 添加讨论(0) 举报
贪生不怕死
3楼-- · 2019-02-17 12:01

Your need is completely opposite of objective of strong parameter, when we define strong parameter then basically we are going to whitelist the coming params.

and here in your case we exactly don't know the keys, so there is no need to put strong parameter check over there. that will solve your problem.

查看更多
0人赞 添加讨论(0) 举报
ら.Afraid
4楼-- · 2019-02-17 12:17

You can use a hash instead of a symbol and define what sub-properties are allowed. This can be seen in the source here:

case filter
when Symbol, String
  permitted_scalar_filter(params, filter)
when Hash
  hash_filter(params, filter)
end

https://github.com/rails/rails/blob/bdc73a438a97f2e0aceeb745f4a95f95514c4aa6/actionpack/lib/action_controller/metal/strong_parameters.rb#L522

e.g.

def user_params
  params.require(:person).permit(:name, :description, :age, properties: [:key, :value])
end

If you have no idea what is going to be in properties you could use .slice. Note this will accept anything nested in any of the other fields too.

e.g.

def user_params
  params.require(:person).slice(:name, :description, :age, :properties) 
end

These approaches will work on the following params:

{
  "person": {
    "name": "John",
    "description": "has custom_attributes",
    "age": 42,
    "properties": [
      {
        "key": "the key",
        "value": "the value"
      }
    ]
  }
}

I've confirmed these will work on Rails 4.2.6

查看更多
0人赞 添加讨论(0) 举报
Ridiculous、
5楼-- · 2019-02-17 12:20

I recently had this same issue and I solved it using @fxn's method from https://github.com/rails/rails/issues/9454

For product with properties as hash, solved it as

def product_params
  params.require(:product).permit(:title, :description).tap do |whitelisted|
    whitelisted[:properties] = params[:product][:properties]
  end
end

If you use :raise instead of :log for config.action_controller.action_on_unpermitted_parameters in your environment then remember to remove properties from params before calling permit. Then the method will be

def product_params
  properties = params[:product].delete(:properties)
  params.require(:product).permit(:title, :description).tap do |whitelisted|
    whitelisted[:properties] = properties
  end
end
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)