White listing JSON parameters using Strong Parameters in rails

Question

I have this ajax call which sends a JSON -

$.ajax({
        data: JSON_main_data,
        url: '/daily_work_updates',
        type: "POST",

        success: function(data){
            if (data ==true)
            alert("Data saved successfully");

            else
            alert("Data not saved successfully");
        },
        dataType: 'JSON',
        contentType : 'application/json'
      });

When I try to save this to a database it needs to be whitelisted using strong parameters for rails 4.

This is the call to the StrongParamter function-

DailyWorkUpdate.new(daily_work_update_params)

The strongparameter method-

private
  def daily_work_update_params 
  params.require(:save_daily).permit(:attr1)
  end

This throws an error in the browser which says- undefined method `permit' for #ARRAY

This is the JSON sent to the controller-

{"save_daily"=>[{"attr1"=>"AGNE_WI_UCMS"}]}

I have been stuck here for long now. Any help would be appreciated.

try this `params[:save_daily][0].permit(:attr1)` – Roman Kiselenko Mar 27 '15 at 08:28 — Roman Kiselenko, Mar 27 '15 at 08:28

ROR · Answer 1 · 2015-03-27T07:09:44.690

0

Please try like this

Your JSON should be like this

{"daily_work_update"=>{"attr1"=>"AGNE_WI_UCMS"}}

def daily_work_update_params 
  params.require(:daily_work_update).permit(:attr1)
end

edited Mar 27 '15 at 07:09

answered Mar 27 '15 at 06:36

ROR

441
2
13

This is the response-param is missing or the value is empty: daily_work_update. The name of my JSON is - JSON_main_data . I tried that. It doesn't work either. – Alex Jose Mar 27 '15 at 06:44
@AlexJose Did you try above code or still you are getting same issue ? – ROR Mar 27 '15 at 06:47
I tried the code you responded with. It is not able recognise the value - :daily_work_update . Hence it says- param is missing or empty – Alex Jose Mar 27 '15 at 06:51
@AlexJose, can you please paste here one line of error ? I want to see your this error full "undefined method `permit' for #" – ROR Mar 27 '15 at 06:53
My JSON is a array with has hashes. Hence it is not able to 'permit' the values in my strong params function as mentioned in the question. Should I parse my JSON in some way before sending it? – Alex Jose Mar 27 '15 at 06:55
Full line of error for the code pasted in the question - undefined method `permit' for # – Alex Jose Mar 27 '15 at 06:57

score 0 · Accepted Answer · answered Apr 08 '15 at 08:58

So there seem to be a lot of problems whitelisting JSON parameters. To my understanding this is something which needs to be reported to the rails developers. Anyway, I have a work around solution for the same WITHOUT whitelisting the parameters (which is bad coding standard but the only solution I found).

My controller -

     def create
            (0..params[:length].to_i - 1).each do |i|
              @saved = false
              @saved=DailyWorkUpdate.WriteRecordDailyWorkUpdate(params[:save_daily][i])
            end 
    end

So I directly inserted the values using a SQL query in my model-

def self.WriteRecordDailyWorkUpdate(save_daily)
    @connection = ActiveRecord::Base.establish_connection
    DailyWorkUpdate.connection.execute("INSERT INTO `daily_work_update`(`DATE`) 
                                                                VALUES ('"+save_daily["DATE"]')

    return true
  end

Please feel free to improve this answer. It would help me too. But for now, This is trhe best work around for those who are stuck with this problem.

White listing JSON parameters using Strong Parameters in rails

2 Answers2