Permit extra params in special cases with Strong P

2019-05-23 05:26发布

站内问答 / 前沿技术
575 3 4

So for an organization, I want users to be able to be able to edit some things about it.

params.require(:organization).permit(:name, :location)

But in special cases, I want administrators to be able to edit extra attributes

params.require(:organization).permit(:name, :location, :secrets)

Now I know I can just have an if statement to choose which line I want to use, but since the admin will always be able to edit the original attributes, I wanted to easily be able to include them like so:

permitted = params.require(:organization).permit(:name, :location)
permitted.permit(:secrets) if current_user.admin?

Is there any way to chain permit calls like that? Or do I have to do something like store the attributes in an array and conditionally add extra before making the permit call?

3条回答
女痞
2楼-- · 2019-05-23 05:39

What you should do is simple:

def organization_params
  basic_filter = %w(name location)
  filter = user.admin? ? basic_filter.push('secrets') : basic_filter
  params.require(:organization).permit(filter)
end

This will work as you see:

[20] pry(main)> params = ActionController::Parameters.new({
[20] pry(main)*     organization: {  
[20] pry(main)*       name: 'Francesco',    
[20] pry(main)*       location:  'L.A.',    
[20] pry(main)*       secrets: 'secrets'    
[20] pry(main)*     }    
[20] pry(main)* })    
=> {"organization"=>{"name"=>"Francesco", "location"=>"L.A.", "secrets"=>"secrets"}}
[21] pry(main)> basic_filter = %w(name location)
=> ["name", "location"]
[22] pry(main)> filter = true ? basic_filter.push('secrets') : basic_filter
=> ["name", "location", "secrets"]
[23] pry(main)> params.require(:organization).permit(filter)
=> {"name"=>"Francesco", "location"=>"L.A.", "secrets"=>"secrets"}

and if user.admin? is false, the result will be

[26] pry(main)> basic_filter
=> ["name", "location", "secrets"]
[27] pry(main)> basic_filter = %w(name location)
=> ["name", "location"]
[28] pry(main)> filter = false ? basic_filter.push('secrets') : basic_filter
=> ["name", "location"]
[29] pry(main)> params.require(:organization).permit(filter)
Unpermitted parameter: secrets
=> {"name"=>"Francesco", "location"=>"L.A."}

This may help you.

查看更多
0人赞 添加讨论(0) 举报
放我归山
3楼-- · 2019-05-23 05:53

Using the below technique, there's no need to write the same params twice, which is helpful if you have a long list of attributes.

def organization_params
  attributes = [:name, :location]
  attributes.push(:secrets) if current_user.admin?

  params.require(:organization).permit(attributes)
end
查看更多
0人赞 添加讨论(0) 举报
倾城 Initia
4楼-- · 2019-05-23 05:57

This seems to be the way to go:

def permitted_params
  if current_user.admin?
    params.require(:organization).permit(:name, :location, :secrets)
  else
    params.require(:organization).permit(:name, :location)
  end
end

Then use permitted_params in your controller.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)