All geek questions in one place

Rails Strong Parameters - allow deep nested hashes in an array

How to allow / whitelist deep nested hashes with a very irregular structure (impossible to declare).

Example:

{"widgets" => [ { "id" => 75432, "conversion_goal_id" => 1331, "options" => {"form_settings"=>{"formbuilder-bg-color"=>"rgba(255, 255, 255, 0)", "font-size"=>"14px", "form-field-depth"=>"42px"}, "linkedWidget"=>""}, "type" => "formbuilder-widget" }, { "id" => 75433, "conversion_goal_id" => nil, "options" => {"width"=>"200px", "height"=>"185px", "display"=>"block", "left"=>313, "top"=>152, "position"=>"absolute"}, "type" => "social-sharing-widget" }, {}, ]}

So options JSON / hash object does not have a specific structure.

It is formless.

It could be something like

 {"width"=>"200px", "height"=>"185px", "display"=>"block", "left"=>313, "top"=>152, "position"=>"absolute"}

OR

  {"form_settings"=>{"formbuilder-bg-color"=>"rgba(255, 255, 255, 0)", "font-size"=>"14px", "form-field-depth"=>"44px"}, "linkedWidget"=>"", "required_height"=>164, "settings"=> [{"field_options"=>{"include_other_option"=>true, "size"=>"large", "view_label"=>false}, "field_type"=>"text", "label"=>"Name:", "required"=>false, "asterisk"=>false, "textalign"=>"left"}, {"field_options"=>{"include_other_option"=>true, "size"=>"large", "view_label"=>false}, "field_type"=>"email", "label"=>"Email:", "required"=>false, "asterisk"=>false, "textalign"=>"left"}, {"buttonalign"=>"left", "buttonbgcolor"=>"#ba7373", "buttonfont"=>"Old Standard TT", "buttonfontweight"=>"bold", "buttonfontstyle"=>"normal", "buttonfontsize"=>"18px", "buttonheight"=>"46px", "buttontxtcolor"=>"#ffffff", "field_options"=>{"include_other_option"=>true, "size"=>"large", "view_label"=>false}, "field_type"=>"button", "label"=>"START LIVING", "required"=>true, "textalign"=>"left"}]}

Node widgets are just Array .

I did not find any information on how to whitelist attributes into a hash array.

How to do it?

I found some information in the documentation that I can specify keys directly,

 page_params.permit({widgets: [:key1, :key2]})

But this will not work, since I want to allow ALL attributes / keys in the options hash.

This solution also does not support arrays, but allows nested whitelist objects:

 params.require(:screenshot).permit(:title).tap do |whitelisted| whitelisted[:assets_attributes ] = params[:screenshot][:assets_attributes ] end

So, how can I whitelist each option attribute (hash array)?

DISCLAIMERS FOR COMMENTS:

  • I need to enable everything in the options attribute in the node widget. The widget node is in the widgets array. I still need to prevent other fields, for example. link_text , 'text_value', etc. in the array - I do not want them to be sent.

  • I need strong parameters for the used parameter whitelists and invalid backlist parameters. Some parameters exist only in the interface and do not exist in the background. If I send everything, then I will have an exception.

+5
source share
1 answer

Perhaps I am not following what you are trying to do here. Strong settings are to prohibit the user from sending malicious data, which is why they are mainly white lists of certain keys. If you want to resolve everything, why do you need strong parameters?

-2
source

Source: https://habr.com/ru/post/1243960/

More articles:


All Articles