All geek questions in one place

How can I raise an error for non-listed parameters, but allow specific ones?

I added the following to mine application.rbbecause I want to have control over all submitted parameters:

config.action_controller.action_on_unpermitted_parameters = :raise

That way, I see pretty quickly during development if I forget to allow a parameter or something like that.

But - now I get the following error when trying to update the user through the form:

found unpermitted parameters: utf8, _method, authenticity_token, commit, locale, id

I’m a little sure how to proceed: indeed, these are parameters that I haven’t heard of before, and they, as I see, are automatically sent to Rails' form_for.

I only need to take care of the parameters of my resources, for example. user[name], user[email]etc.

Is there any way to generally allow these unlisted options above? Or did I miss an important point?

Update

, :

https://github.com/jmuheim/base/commit/dbb62dd68a8a243d056457c9093a6cd8ea3e3836

, , ( josh pw joshjosh ), > . .

$ rake .

, , , - UsersController. , ?

+4
2

.

: https://github.com/rafael/rails/commit/c197a7dc418cd4fe07131a41a44c8ddb66258801.

always_permitted_parameters :

# application.rb
config.action_controller.always_permitted_parameters = %w( controller action locale utf8 authenticity_token commit )

, , , , .

, , :

class UsersController < ApplicationController
  # ...stuff...

  private

  def user_params
    permitted_keys = [:name,
                      :email,
                      :password,
                      :password_confirmation,
                      # etc.
                      :lock_version]

    params.require(:user).permit permitted_keys
  end
end
0

. , , :

  • Sign up Devise::RegistrationsController#create. .

  1. , Users -> Create user. :

    Processing by UsersController#new as HTML
...
[1] base(#<UsersController>) Β»  params
=> {
  "controller" => "users",
  "action" => "new",
  "locale" => "en"
}

    #new, . , inherited resources docs.

    1. edit rails docs:

      params.require(:user).permit(
                 :name,
                 :email,
                 :avatar,
                 :avatar_cache,
                 :remove_avatar,
                 :about,
                 :password,
                 :password_confirmation,
                 :lock_version
               )

      3.1

      , inheried_resources, . " paramsrequire" docs . :

      def permitted_params
  {
    user: params.require(:user).permit(
      :name,
      :email,
      :avatar,
      :avatar_cache,
      :remove_avatar,
      :about,
      :password,
      :password_confirmation,
      :lock_version
    )
  }
end

+1

Source: https://habr.com/ru/post/1610805/

More articles:


All Articles