Strong Parameters requires whitelisting of Action Controller parameters by default. In Ruby on Rails this means the developer will have to make a choice about which Active Model attributes are eligible for mass assignment. Strong parameters have been included in Rails 4 by default.
Questions tagged [strong-parameters]
956 questions
35 votes, 6 answers
Rails 4.0 Strong Parameters nested attributes with a key that points to a hash
I was playing around with Rails 4.x beta and trying to get nested attributes working with carrierwave. Not sure if what I'm doing is the right direction. After searching around, and then eventually looking at the rails source and strong parameters…

John
33 votes, 1 answer
Trying to get a POST to return 400 bad request
I have a create method that builds a new model through an association and I was expecting it to return a 400 response with some text if no params were in the POST request. However, I get an error.
This is in Rails 4.0.2
controller methods:
def…

kjs3
30 votes, 1 answer
How to make an optional strong parameters key but filter nested params?
I have this in my controller:
params.require(:item).permit!
Let's assume this rspec spec, which works as expected:
put :update, id: @item.id, item: { name: "new name" }
However, the following causes ActionController::ParameterMissing:
put :update,…

orion3
25 votes, 1 answer
Rails 4 strong parameters without required parameters
I'm using Rails 4 and I don't know what is the best way to use strong parameters without required parameters. So, that's what I did:
def create
device = Device.new(device_params)
.................
end
private
def device_params
if…

William Weckl
21 votes, 2 answers
How should I use rails and simple_form for nested resources?
I'm trying to create one resource with another nested resource at the same time. I'm using Rails4 and simple_form 3.0.0rc. Here is my code.
Models:
class User < ActiveRecord::Base
has_one :profile
accepts_nested_attributes_for…

vasily.sib
20 votes, 2 answers
Rails Strong Parameters - Allow parameter to be an Array or String
Using Strong Parameters in my Rails Controller, how can I state that a permitted parameter can be a String or an Array?
My strong params:
class SiteSearchController < ApplicationController
[...abbreviated for brevity...]
private
def…

skplunkerin
19 votes, 3 answers
Rails 4.1.5 omniauth strong parameters
After upgrading Rails 4.1.4 to 4.1.5 I get errors with my Facebook omniauth session; everything was working fine since then.
When I create a User Session I get an ActiveModel::ForbiddenAttributesError
Route:
match 'auth/:provider/callback', to:…

Jonnyx Delavilla
19 votes, 2 answers
Rails 4 strong parameters param not found error with carrierwave
I'm having trouble with carrierwave and rails 4 strong parameters. I have a very simple model with a carrier wave upload button. I'd like to show an error message if someone submits the upload form without choosing a file to upload.
Right now, I…

Lee McAlilly
19 votes, 2 answers
Rails 4 Strong Parameters - Handling Missing Model Params Hash
Models:
Posts and Users
Post belongs_to :user
User has_many :posts
Simple.
Assuming a few users exist, we visit the edit page for a Post.
<%= form_for @post do |f| %>
...
<% User.all.each do |user| %>
<%= f.radio_button "user_id", user.id…

Benjamin
18 votes, 1 answer
rails strong parameter not accepting array of hashes
I have a group controller which accepts an array of hashes as a parameter for a POST request for the create action
def create
response = Group.create(current_user_id, group_params)
render json: response
end
def group_params
…

Gagan
17 votes, 3 answers
Disable strong parameters for a specific action
I have a serious problem with strong parameters. It's working pretty well in my about 200 actions but in one it doesn't because I'm working very dynamic with the parameters there and I also can't change it because of the application's design.
So I want…

davidb
17 votes, 3 answers
Rails 4.0 with Devise. Nested attributes Unpermited parameters
I am working on a web-app using Devise and Rails 4. I have a User model which I have extended with 2 extra form fields such that when a user signs up he can also submit his first/last names. (based on…

Claudiu S
17 votes, 2 answers
Strong Parameters in Rails 3.2.8
This video states that it is possible to protect the input coming in via the controller yet still be able to do mass assignment via models and specs. However, I have not seen this documented as a feature when using strong_parameters in 3.2.8.
I…

Brandon Hansen
17 votes, 2 answers
CanCan load_and_authorize_resource triggers Forbidden Attributes
I have a standard RESTful controller that uses strong parameters.
class UsersController < ApplicationController
respond_to :html, :js
def index
@users = User.all
end
def show
@user = User.find(params[:id])
end
def new
…

Tiggers
16 votes, 1 answer
Why Strong Params contains permitted: false
I put in a binding.pry at the top of my controller's update action. Once at that break point, I put in params[:foo_bar] to examine the params hash. Here is what I get:
"✓", "_method"=>"patch",…

Neil