16

I put in a binding.pry at the top of my controller's update action. Once at that break point, I put in params[:foo_bar] to examine the params hash. Here is what I get:

<ActionController::Parameters {"utf8"=>"✓", "_method"=>"patch", "authenticity_token"=>"123==", "foobar"=><ActionController::Parameters {"barbazz_attributes"=>{"start_date"=>"08/27/2016", "end_date"=>"08/29/2016", "id"=>"89"}, "bazz_id"=>"3", "abc_id"=>"330", "bazzbazz_attributes"=>{"0"=>{"_destroy"=>"1", "city_id"=>"1669", "id"=>"26"}, "1"=>{"city_id"=>"1681", "id"=>"27"}, "2"=>{"city_id"=>"1672"}}} permitted: false>, "cat_id"=>["1", "1", "1"], "commit"=>"Update FooBar", "controller"=>"foo_bars", "action"=>"update", "id"=>"52"} permitted: false>

I assumed permitted: false is there because I did not whitelist some attributes. I looked over the attributes and it appears to me that I did whitelist everything.

I am using Rails 5 if that happens to make any difference.

Question: What is an easy way to find out why the strong parameters are returning params: false.

Neil
  • 4,578
  • 14
  • 70
  • 155

1 Answers1

20

Don't access params directly with params instead use the name you gave your permitted params, for example: foobar_params.

If foobar_params is defined:

def foobar_params
  params.require(:foobar).permit ...
end

The easiest way is to read the source code for ActionController::Parameter, permitted = false is the default unless you call permit! to allow all, but that defeats the purpose of strong parameters.

Leonel Galán
  • 6,993
  • 2
  • 41
  • 60
  • 1
    Thanks! When I use `foobar_params` it now shows `permitted: true`. I knew it was going to be something simple! – Neil Jun 14 '16 at 17:47
  • 2
    It always is! This is to prevent you from inadvertently using params on `Foobar.create` for example. – Leonel Galán Jun 14 '16 at 17:49