All geek questions in one place

Strong_parameters do not work

With Ruby 1.9.3, Rails 3.2.13, Strong_parameters 0.2.1:

I followed every sign in textbooks and railscasts, but I can't get strong_parameters to work. It should be something really simple, but I don’t see where the error is.

configurations / Initializers / strong_parameters.rb:

ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)

configurations / application.rb

 config.active_record.whitelist_attributes = false

application / models / product.rb

 class Product < ActiveRecord::Base end

application / controllers / products_controller.rb:

 class ExpedientesController < ApplicationController ... def create @product = Product.new(params[:product]) if @product.save redirect_to @product else render :new end end end

This throws a Forbidden Attributes exception, as expected. But when I go to:

  ... def create @product = Product.new(product_params) # and same flow than before end private def product_params params.require(:product).permit(:name) end

Then, if I go to the form and enter "Name: product 1" and "Color: red", an exception does not occur; the new product is stored in the database without color, but with the correct name.

What am I doing wrong?

+4
source share
1 answer

solvable.

By default, the use of invalid attributes fails and the submitted attributes are filtered out and ignored. In development and testing environments, an error is also logged.

To change the default behavior, for example, in a development environment: config / environment / development.rb:

 # Raises an error on unpermitted attributes assignment config.action_controller.action_on_unpermitted_parameters = :raise # default is :log

Honestly, it is very clearly explained in the github repository.

+6
source

Source: https://habr.com/ru/post/1480693/

More articles:


All Articles