Questions tagged [strong-parameters]

Strong Parameters requires whitelisting of Action Controller parameters by default. In Ruby on Rails this means the developer will have to make a choice about which Active Model attributes are eligible for mass assignment. Strong parameters have been included in Rails 4 by default.

956 questions
15 votes, 5 answers

Why slicing the params hash poses a security issue on mass-assignment?

The official way of preventing security risks with mass-assignment is using attr_accessible. However, some programmers feel this is not a job for the model (or at least not only for the model). The simplest way of doing it in a controller is slicing…
tokland
15 votes, 4 answers

Rails 4 strong parameters failing when creating instances in rails console

Probably doing something stupid here, but here's my basic cookie cutter class: class League < ActiveRecord::Base private def league_params params.require(:full_name).permit! end end And when creating a new instance of…
randombits
14 votes, 2 answers

Rails 4 has_one association form not building

I need some pointers on how Rails 4 works with has_one and belongs_to association. My form doesn't save the has_one relationship Post Model class Post < ActiveRecord::Base validates: :body, presence: true has_one :category, dependent: :destroy …
14 votes, 2 answers

Unpermitted parameters in rails 4

I read about collection_check_boxes but I don't understand how can I set the checked values. I have the following model: class Objective < ActiveRecord::Base has_many :indicators has_many :objective_children, class_name: "Objective",…
14 votes, 3 answers

RSpec - Testing strong parameters

I am using the strong_parameters gem in my controllers, but I'm having a hard time understanding how I would test it. Here's an example of my setup class UserController < ActionController::Base include ActiveModel::ForbiddenAttributesProtection …
Bryce
13 votes, 1 answer

How to use strong parameters with an objects array in Rails

When using Rails 4.0 strong parameters, how do I permit JSON like this? { "user": { "first_name":"Jello" }, "users_to_employer":[ { "start_date":"2013-09-03T16:45:27+02:00", …
Johan S
13 votes, 1 answer

Rails 4 and Devise - User registration via JSON API

I'm attempting to register a devise user via JSON but keep getting an ActiveModel::ForbiddenAttributesError class Api::V1::RegistrationsController < ApplicationController skip_before_filter :verify_authenticity_token respond_to :json def…
Jayson Lane
13 votes, 3 answers

rails 4 strong params + dynamic hstore keys

I'm having a problem overcoming the new strong params requirement in Rails 4 using Hstore and dynamic accessors. I have an Hstore column called :content which I want to use to store content in multiple languages, i.e. :en, :fr, etc. And I don't know…
holden
12 votes, 1 answer

Rails 5 params with object having empty arrays as values are dropped

I'm having a problem when sending a controller params that look like this: { id: "1", stuff: {"A" => [], "B" => [], "C" => [], "D" => []} } The method only sees { id: "1" } and the entire stuff parameter is dropped. This can be changed if there are…
Luke
12 votes, 2 answers

Difference between attr_accessible and strong parameters

I have just been doing a bit of reading on attr_accessor, attr_accessible and strong parameters at a few different locations: Difference between attr_accessor and attr_accessible How is attr_accessible used in Rails…
atw
12 votes, 3 answers

strong parameters not accepting array

I have this in my view which is a multiselect checkbox Model class User < ActiveRecord::Base has_many :user_roles, :dependent => :destroy accepts_nested_attributes_for :user_roles, :allow_destroy => true has_many :roles, :through =>…
AnkitG
11 votes, 2 answers

Strong Parameters: How to permit parameters using conditions

I want to permit certain parameters depending on the current user's role. E.g.: only permit the role attribute if the user is an administrator. Is this possible?
carpamon
11 votes, 6 answers

Nested strong parameters in rails - AssociationTypeMismatch MYMODEL expected, got ActionController::Parameters()

I'm rendering a model and its children Books in JSON like so: {"id":2,"complete":false,"private":false, "books" [{ "id":2,"name":"Some Book"},..... I then come to update this model by passing the same JSON back to my controller and I get the…
Alan H
11 votes, 6 answers

In Rails 4 disable Strong Parameters by default

Is there any way to disable using strong params? And I know it's a security vulnerability but I really don't need it / want it.
Mike Silvis
11 votes, 1 answer

Rails 4 + Devise Login with email or username and strong parameters

I'm new to RoR and stuck with this devise problem. I want to allow users to sign in with email OR username (registration with username is already ok). I followed these articles: Article 1 and Article 2 and you can see the result…
Dragu