0

Here is what my API looks like

resource :service_requests do

      before do
        error!('Unauthorized. Invalid token', 401) unless current_company
      end

      get do
        current_company.service_requests
      end

      params do
        requires :service_request, type: Hash do
          optional :prefix, type: String
          requires :first_name, type: String
          requires :last_name, type: String
          requires :contact_email, type: String, regexp: User::EMAIL_REGEX
          requires :phone_number, type: String
          requires :address, type: String
          optional :address2, type: String
          requires :city, type: String
          requires :state, type: String
          requires :zip_code, type: String
          requires :country, type: String
          requires :address_type, type: String
          requires :troubleshooting_reference, type: String

          requires :line_items, type: Array do
            requires :type, type: String
            requires :model_number, type: String
            requires :serial_number, type: String
            optional :additional_information, type: String
          end

        end
      end

      post do
        parameters = ActionController::Parameters.new(params).require(:service_request)
        sr = ServiceRequest.new(
          parameters.permit(
            :troubleshooting_reference,
            :rma,
            :additional_information
          )
        )

        sr.build_customer(
          parameters.permit(
            :prefix,
            :first_name,
            :last_name,
            :contact_email,
            :phone_number
          )
        )
        #
        # shipping_info = customer.build_shipping_information(
        #   parameters.permit(
        #     :address,
        #     :address2,
        #     :company_name,
        #     :city,
        #     :state,
        #     :zip_code,
        #     :country,
        #     :address_type
        #   )
        # )


        if sr.save
          sr
        else
          sr.errors.full_messages
        end
      end
    end

The problem I am running into is that when the save method is called, I am getting this error Unpermitted parameters: first_name, last_name, contact_email, phone_number, address, city, state, zip_code, country, address_type, line_items

Here is what my JSON post looks like:

{
  "service_request": {
    "first_name": "Foo",
    "last_name": "Bar",
    "contact_email": "foo@bar.com",
    "phone_number": "111-111-1111",
    "address": "102 foo st",
    "city": "Nashville",
    "state": "TN",
    "zip_code": "23233",
    "country": "USA",
    "address_type": "Business",
    "troubleshooting_reference": "dshjf",
    "line_items": [
      {
        "type": "Unit",
        "model_number": "123",
        "serial_number": "222"
      }
     ]
  }
}
dennismonsewicz
  • 25,132
  • 33
  • 116
  • 189

1 Answers1

0

Having tried your code locally, I think what you're seeing is normal behaviour. I, too see the "Unpermitted parameters..." messages logged to the console, but the calls to parameters.permit do succeed and return filtered hashes as you expect. So I think if you check you'll find your code is actually working.

You can silence those messages by adding

ActionController::Parameters.action_on_unpermitted_parameters = false

either at the top of your class or in a file under config/initializers.