I am trying to skip a deeply nested JSON field in my model (document => field_instance => value). I used an empty hash due to a misunderstanding of the documentation .
resolution! may do what I need, but I try to avoid just doing params.fetch(:document).permit!because of the massive security hole that opens. So, how can I resolve any structures of any type under the double nested "parameter" JSON value?
I test one line under a value called text and get 'Unpermitted parameter: text'
Each instance field has a specific type that has a list of required parameters, but without a way to be specific to each field_ instance in the document, I decided to simply allow all the parameters in this JSON field.
Here is my document_params method:
params.fetch(:document)
.permit(:structure_id, :field_instances_attributes => [
:value,
:document_id,
:field_id,
:value_attributes => {}
])
So what am I doing wrong here?
Or, even better: each field_instance has a type that knows the exact structure that the field value expects. Can I be specific regarding the fields allowed by value for each field_instance field?
Related Logs:
service_1 | Parameters: {"utf8"=>"Ô£ô", "authenticity_token"=>" -- censored --", "document"=>{"structure_id"=>"1", "field_instances_attributes"=>[{"document_id"=>"0", "field_id"=>"1", "value_attributes"=>{"text"=>"asdf"}}]}, "commit"=>"Create Document"}
service_1 | Unpermitted parameter: text
service_1 | Unpermitted parameter: text
service_1 |
source
share