actionpack 7.1.5.1 → 7.2.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +61 -642
- data/lib/abstract_controller/asset_paths.rb +2 -0
- data/lib/abstract_controller/base.rb +102 -98
- data/lib/abstract_controller/caching/fragments.rb +50 -53
- data/lib/abstract_controller/caching.rb +2 -0
- data/lib/abstract_controller/callbacks.rb +66 -64
- data/lib/abstract_controller/collector.rb +6 -6
- data/lib/abstract_controller/deprecator.rb +2 -0
- data/lib/abstract_controller/error.rb +2 -0
- data/lib/abstract_controller/helpers.rb +70 -85
- data/lib/abstract_controller/logger.rb +2 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +2 -0
- data/lib/abstract_controller/rendering.rb +13 -12
- data/lib/abstract_controller/translation.rb +12 -13
- data/lib/abstract_controller/url_for.rb +8 -6
- data/lib/abstract_controller.rb +2 -0
- data/lib/action_controller/api/api_rendering.rb +2 -0
- data/lib/action_controller/api.rb +74 -72
- data/lib/action_controller/base.rb +155 -117
- data/lib/action_controller/caching.rb +15 -12
- data/lib/action_controller/deprecator.rb +2 -0
- data/lib/action_controller/form_builder.rb +20 -17
- data/lib/action_controller/log_subscriber.rb +3 -1
- data/lib/action_controller/metal/allow_browser.rb +119 -0
- data/lib/action_controller/metal/basic_implicit_render.rb +2 -0
- data/lib/action_controller/metal/conditional_get.rb +188 -174
- data/lib/action_controller/metal/content_security_policy.rb +25 -24
- data/lib/action_controller/metal/cookies.rb +4 -2
- data/lib/action_controller/metal/data_streaming.rb +64 -55
- data/lib/action_controller/metal/default_headers.rb +5 -3
- data/lib/action_controller/metal/etag_with_flash.rb +3 -1
- data/lib/action_controller/metal/etag_with_template_digest.rb +17 -15
- data/lib/action_controller/metal/exceptions.rb +11 -9
- data/lib/action_controller/metal/flash.rb +12 -10
- data/lib/action_controller/metal/head.rb +12 -10
- data/lib/action_controller/metal/helpers.rb +63 -55
- data/lib/action_controller/metal/http_authentication.rb +214 -203
- data/lib/action_controller/metal/implicit_render.rb +17 -15
- data/lib/action_controller/metal/instrumentation.rb +15 -12
- data/lib/action_controller/metal/live.rb +113 -107
- data/lib/action_controller/metal/logging.rb +6 -4
- data/lib/action_controller/metal/mime_responds.rb +151 -142
- data/lib/action_controller/metal/parameter_encoding.rb +34 -32
- data/lib/action_controller/metal/params_wrapper.rb +57 -59
- data/lib/action_controller/metal/permissions_policy.rb +13 -12
- data/lib/action_controller/metal/rate_limiting.rb +62 -0
- data/lib/action_controller/metal/redirecting.rb +108 -82
- data/lib/action_controller/metal/renderers.rb +50 -49
- data/lib/action_controller/metal/rendering.rb +103 -75
- data/lib/action_controller/metal/request_forgery_protection.rb +162 -133
- data/lib/action_controller/metal/rescue.rb +11 -9
- data/lib/action_controller/metal/streaming.rb +138 -136
- data/lib/action_controller/metal/strong_parameters.rb +483 -478
- data/lib/action_controller/metal/testing.rb +2 -0
- data/lib/action_controller/metal/url_for.rb +17 -15
- data/lib/action_controller/metal.rb +58 -57
- data/lib/action_controller/railtie.rb +3 -0
- data/lib/action_controller/railties/helpers.rb +2 -0
- data/lib/action_controller/renderer.rb +42 -36
- data/lib/action_controller/template_assertions.rb +4 -2
- data/lib/action_controller/test_case.rb +146 -126
- data/lib/action_controller.rb +5 -1
- data/lib/action_dispatch/constants.rb +2 -0
- data/lib/action_dispatch/deprecator.rb +2 -0
- data/lib/action_dispatch/http/cache.rb +27 -26
- data/lib/action_dispatch/http/content_disposition.rb +2 -0
- data/lib/action_dispatch/http/content_security_policy.rb +48 -59
- data/lib/action_dispatch/http/filter_parameters.rb +13 -14
- data/lib/action_dispatch/http/filter_redirect.rb +15 -1
- data/lib/action_dispatch/http/headers.rb +22 -22
- data/lib/action_dispatch/http/mime_negotiation.rb +30 -41
- data/lib/action_dispatch/http/mime_type.rb +25 -21
- data/lib/action_dispatch/http/mime_types.rb +2 -0
- data/lib/action_dispatch/http/parameters.rb +11 -9
- data/lib/action_dispatch/http/permissions_policy.rb +26 -36
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +75 -95
- data/lib/action_dispatch/http/response.rb +61 -61
- data/lib/action_dispatch/http/upload.rb +18 -16
- data/lib/action_dispatch/http/url.rb +75 -73
- data/lib/action_dispatch/journey/formatter.rb +13 -6
- data/lib/action_dispatch/journey/gtg/builder.rb +4 -3
- data/lib/action_dispatch/journey/gtg/simulator.rb +2 -0
- data/lib/action_dispatch/journey/gtg/transition_table.rb +10 -8
- data/lib/action_dispatch/journey/nfa/dot.rb +2 -0
- data/lib/action_dispatch/journey/nodes/node.rb +6 -5
- data/lib/action_dispatch/journey/parser.rb +4 -3
- data/lib/action_dispatch/journey/parser_extras.rb +2 -0
- data/lib/action_dispatch/journey/path/pattern.rb +4 -1
- data/lib/action_dispatch/journey/route.rb +9 -7
- data/lib/action_dispatch/journey/router/utils.rb +16 -15
- data/lib/action_dispatch/journey/router.rb +4 -2
- data/lib/action_dispatch/journey/routes.rb +4 -2
- data/lib/action_dispatch/journey/scanner.rb +4 -2
- data/lib/action_dispatch/journey/visitors.rb +2 -0
- data/lib/action_dispatch/journey.rb +2 -0
- data/lib/action_dispatch/log_subscriber.rb +2 -0
- data/lib/action_dispatch/middleware/actionable_exceptions.rb +2 -0
- data/lib/action_dispatch/middleware/assume_ssl.rb +8 -5
- data/lib/action_dispatch/middleware/callbacks.rb +3 -1
- data/lib/action_dispatch/middleware/cookies.rb +119 -104
- data/lib/action_dispatch/middleware/debug_exceptions.rb +13 -5
- data/lib/action_dispatch/middleware/debug_locks.rb +15 -13
- data/lib/action_dispatch/middleware/debug_view.rb +2 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +6 -11
- data/lib/action_dispatch/middleware/executor.rb +2 -0
- data/lib/action_dispatch/middleware/flash.rb +63 -51
- data/lib/action_dispatch/middleware/host_authorization.rb +17 -15
- data/lib/action_dispatch/middleware/public_exceptions.rb +8 -6
- data/lib/action_dispatch/middleware/reloader.rb +5 -3
- data/lib/action_dispatch/middleware/remote_ip.rb +77 -72
- data/lib/action_dispatch/middleware/request_id.rb +14 -9
- data/lib/action_dispatch/middleware/server_timing.rb +4 -2
- data/lib/action_dispatch/middleware/session/abstract_store.rb +2 -0
- data/lib/action_dispatch/middleware/session/cache_store.rb +13 -8
- data/lib/action_dispatch/middleware/session/cookie_store.rb +27 -26
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +7 -3
- data/lib/action_dispatch/middleware/show_exceptions.rb +16 -16
- data/lib/action_dispatch/middleware/ssl.rb +43 -40
- data/lib/action_dispatch/middleware/stack.rb +11 -10
- data/lib/action_dispatch/middleware/static.rb +33 -31
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +1 -1
- data/lib/action_dispatch/railtie.rb +2 -3
- data/lib/action_dispatch/request/session.rb +23 -21
- data/lib/action_dispatch/request/utils.rb +2 -0
- data/lib/action_dispatch/routing/endpoint.rb +2 -0
- data/lib/action_dispatch/routing/inspector.rb +6 -4
- data/lib/action_dispatch/routing/mapper.rb +623 -625
- data/lib/action_dispatch/routing/polymorphic_routes.rb +69 -62
- data/lib/action_dispatch/routing/redirection.rb +37 -32
- data/lib/action_dispatch/routing/route_set.rb +60 -46
- data/lib/action_dispatch/routing/routes_proxy.rb +6 -4
- data/lib/action_dispatch/routing/url_for.rb +130 -125
- data/lib/action_dispatch/routing.rb +150 -148
- data/lib/action_dispatch/system_test_case.rb +91 -81
- data/lib/action_dispatch/system_testing/browser.rb +4 -2
- data/lib/action_dispatch/system_testing/driver.rb +2 -0
- data/lib/action_dispatch/system_testing/server.rb +2 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +32 -21
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +2 -0
- data/lib/action_dispatch/testing/assertion_response.rb +8 -6
- data/lib/action_dispatch/testing/assertions/response.rb +26 -23
- data/lib/action_dispatch/testing/assertions/routing.rb +153 -84
- data/lib/action_dispatch/testing/assertions.rb +2 -0
- data/lib/action_dispatch/testing/integration.rb +223 -222
- data/lib/action_dispatch/testing/request_encoder.rb +2 -0
- data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
- data/lib/action_dispatch/testing/test_process.rb +12 -8
- data/lib/action_dispatch/testing/test_request.rb +3 -1
- data/lib/action_dispatch/testing/test_response.rb +27 -26
- data/lib/action_dispatch.rb +22 -32
- data/lib/action_pack/gem_version.rb +6 -4
- data/lib/action_pack/version.rb +3 -1
- data/lib/action_pack.rb +17 -16
- metadata +33 -16
@@ -1,5 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
# :markup: markdown
|
4
|
+
|
3
5
|
require "active_support/core_ext/hash/indifferent_access"
|
4
6
|
require "active_support/core_ext/array/wrap"
|
5
7
|
require "active_support/core_ext/string/filters"
|
@@ -14,11 +16,11 @@ require "yaml"
|
|
14
16
|
module ActionController
|
15
17
|
# Raised when a required parameter is missing.
|
16
18
|
#
|
17
|
-
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
19
|
+
# params = ActionController::Parameters.new(a: {})
|
20
|
+
# params.fetch(:b)
|
21
|
+
# # => ActionController::ParameterMissing: param is missing or the value is empty: b
|
22
|
+
# params.require(:a)
|
23
|
+
# # => ActionController::ParameterMissing: param is missing or the value is empty: a
|
22
24
|
class ParameterMissing < KeyError
|
23
25
|
attr_reader :param, :keys # :nodoc:
|
24
26
|
|
@@ -38,12 +40,12 @@ module ActionController
|
|
38
40
|
end
|
39
41
|
|
40
42
|
# Raised when a supplied parameter is not expected and
|
41
|
-
# ActionController::Parameters.action_on_unpermitted_parameters
|
42
|
-
#
|
43
|
+
# ActionController::Parameters.action_on_unpermitted_parameters is set to
|
44
|
+
# `:raise`.
|
43
45
|
#
|
44
|
-
#
|
45
|
-
#
|
46
|
-
#
|
46
|
+
# params = ActionController::Parameters.new(a: "123", b: "456")
|
47
|
+
# params.permit(:c)
|
48
|
+
# # => ActionController::UnpermittedParameters: found unpermitted parameters: :a, :b
|
47
49
|
class UnpermittedParameters < IndexError
|
48
50
|
attr_reader :params # :nodoc:
|
49
51
|
|
@@ -53,12 +55,12 @@ module ActionController
|
|
53
55
|
end
|
54
56
|
end
|
55
57
|
|
56
|
-
# Raised when a Parameters instance is not marked as permitted and
|
57
|
-
#
|
58
|
+
# Raised when a Parameters instance is not marked as permitted and an operation
|
59
|
+
# to transform it to hash is called.
|
58
60
|
#
|
59
|
-
#
|
60
|
-
#
|
61
|
-
#
|
61
|
+
# params = ActionController::Parameters.new(a: "123", b: "456")
|
62
|
+
# params.to_h
|
63
|
+
# # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
|
62
64
|
class UnfilteredParameters < ArgumentError
|
63
65
|
def initialize # :nodoc:
|
64
66
|
super("unable to convert unpermitted parameters to hash")
|
@@ -67,12 +69,12 @@ module ActionController
|
|
67
69
|
|
68
70
|
# Raised when initializing Parameters with keys that aren't strings or symbols.
|
69
71
|
#
|
70
|
-
#
|
71
|
-
#
|
72
|
+
# ActionController::Parameters.new(123 => 456)
|
73
|
+
# # => ActionController::InvalidParameterKey: all keys must be Strings or Symbols, got: Integer
|
72
74
|
class InvalidParameterKey < ArgumentError
|
73
75
|
end
|
74
76
|
|
75
|
-
#
|
77
|
+
# # Action Controller Parameters
|
76
78
|
#
|
77
79
|
# Allows you to choose which attributes should be permitted for mass updating
|
78
80
|
# and thus prevent accidentally exposing that which shouldn't be exposed.
|
@@ -80,63 +82,68 @@ module ActionController
|
|
80
82
|
# used to mark parameters as required. The latter is used to set the parameter
|
81
83
|
# as permitted and limit which attributes should be allowed for mass updating.
|
82
84
|
#
|
83
|
-
#
|
84
|
-
#
|
85
|
-
#
|
86
|
-
#
|
87
|
-
#
|
88
|
-
#
|
89
|
-
#
|
85
|
+
# params = ActionController::Parameters.new({
|
86
|
+
# person: {
|
87
|
+
# name: "Francesco",
|
88
|
+
# age: 22,
|
89
|
+
# role: "admin"
|
90
|
+
# }
|
91
|
+
# })
|
90
92
|
#
|
91
|
-
#
|
92
|
-
#
|
93
|
-
#
|
93
|
+
# permitted = params.require(:person).permit(:name, :age)
|
94
|
+
# permitted # => #<ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true>
|
95
|
+
# permitted.permitted? # => true
|
94
96
|
#
|
95
|
-
#
|
96
|
-
#
|
97
|
+
# Person.first.update!(permitted)
|
98
|
+
# # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
|
97
99
|
#
|
98
100
|
# It provides two options that controls the top-level behavior of new instances:
|
99
101
|
#
|
100
|
-
# *
|
101
|
-
#
|
102
|
-
# *
|
103
|
-
#
|
104
|
-
#
|
105
|
-
#
|
106
|
-
#
|
107
|
-
#
|
108
|
-
#
|
102
|
+
# * `permit_all_parameters` - If it's `true`, all the parameters will be
|
103
|
+
# permitted by default. The default is `false`.
|
104
|
+
# * `action_on_unpermitted_parameters` - Controls behavior when parameters
|
105
|
+
# that are not explicitly permitted are found. The default value is `:log`
|
106
|
+
# in test and development environments, `false` otherwise. The values can
|
107
|
+
# be:
|
108
|
+
# * `false` to take no action.
|
109
|
+
# * `:log` to emit an `ActiveSupport::Notifications.instrument` event on
|
110
|
+
# the `unpermitted_parameters.action_controller` topic and log at the
|
111
|
+
# DEBUG level.
|
112
|
+
# * `:raise` to raise an ActionController::UnpermittedParameters
|
113
|
+
# exception.
|
114
|
+
#
|
115
|
+
#
|
109
116
|
#
|
110
117
|
# Examples:
|
111
118
|
#
|
112
|
-
#
|
113
|
-
#
|
119
|
+
# params = ActionController::Parameters.new
|
120
|
+
# params.permitted? # => false
|
114
121
|
#
|
115
|
-
#
|
122
|
+
# ActionController::Parameters.permit_all_parameters = true
|
116
123
|
#
|
117
|
-
#
|
118
|
-
#
|
124
|
+
# params = ActionController::Parameters.new
|
125
|
+
# params.permitted? # => true
|
119
126
|
#
|
120
|
-
#
|
121
|
-
#
|
122
|
-
#
|
127
|
+
# params = ActionController::Parameters.new(a: "123", b: "456")
|
128
|
+
# params.permit(:c)
|
129
|
+
# # => #<ActionController::Parameters {} permitted: true>
|
123
130
|
#
|
124
|
-
#
|
131
|
+
# ActionController::Parameters.action_on_unpermitted_parameters = :raise
|
125
132
|
#
|
126
|
-
#
|
127
|
-
#
|
128
|
-
#
|
133
|
+
# params = ActionController::Parameters.new(a: "123", b: "456")
|
134
|
+
# params.permit(:c)
|
135
|
+
# # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
|
129
136
|
#
|
130
137
|
# Please note that these options *are not thread-safe*. In a multi-threaded
|
131
138
|
# environment they should only be set once at boot-time and never mutated at
|
132
139
|
# runtime.
|
133
140
|
#
|
134
|
-
# You can fetch values of
|
135
|
-
#
|
141
|
+
# You can fetch values of `ActionController::Parameters` using either `:key` or
|
142
|
+
# `"key"`.
|
136
143
|
#
|
137
|
-
#
|
138
|
-
#
|
139
|
-
#
|
144
|
+
# params = ActionController::Parameters.new(key: "value")
|
145
|
+
# params[:key] # => "value"
|
146
|
+
# params["key"] # => "value"
|
140
147
|
class Parameters
|
141
148
|
include ActiveSupport::DeepMergeable
|
142
149
|
|
@@ -148,12 +155,13 @@ module ActionController
|
|
148
155
|
# :method: deep_merge
|
149
156
|
#
|
150
157
|
# :call-seq:
|
151
|
-
#
|
158
|
+
# deep_merge(other_hash, &block)
|
152
159
|
#
|
153
|
-
# Returns a new
|
160
|
+
# Returns a new `ActionController::Parameters` instance with `self` and
|
161
|
+
# `other_hash` merged recursively.
|
154
162
|
#
|
155
|
-
# Like with
|
156
|
-
#
|
163
|
+
# Like with `Hash#merge` in the standard library, a block can be provided to
|
164
|
+
# merge values.
|
157
165
|
#
|
158
166
|
#--
|
159
167
|
# Implemented by ActiveSupport::DeepMergeable#deep_merge.
|
@@ -162,9 +170,9 @@ module ActionController
|
|
162
170
|
# :method: deep_merge!
|
163
171
|
#
|
164
172
|
# :call-seq:
|
165
|
-
#
|
173
|
+
# deep_merge!(other_hash, &block)
|
166
174
|
#
|
167
|
-
# Same as
|
175
|
+
# Same as `#deep_merge`, but modifies `self`.
|
168
176
|
#
|
169
177
|
#--
|
170
178
|
# Implemented by ActiveSupport::DeepMergeable#deep_merge!.
|
@@ -173,7 +181,7 @@ module ActionController
|
|
173
181
|
# :method: as_json
|
174
182
|
#
|
175
183
|
# :call-seq:
|
176
|
-
#
|
184
|
+
# as_json(options=nil)
|
177
185
|
#
|
178
186
|
# Returns a hash that can be used as the JSON representation for the parameters.
|
179
187
|
|
@@ -181,16 +189,16 @@ module ActionController
|
|
181
189
|
# :method: each_key
|
182
190
|
#
|
183
191
|
# :call-seq:
|
184
|
-
#
|
192
|
+
# each_key(&block)
|
185
193
|
#
|
186
|
-
# Calls block once for each key in the parameters, passing the key.
|
187
|
-
#
|
194
|
+
# Calls block once for each key in the parameters, passing the key. If no block
|
195
|
+
# is given, an enumerator is returned instead.
|
188
196
|
|
189
197
|
##
|
190
198
|
# :method: empty?
|
191
199
|
#
|
192
200
|
# :call-seq:
|
193
|
-
#
|
201
|
+
# empty?()
|
194
202
|
#
|
195
203
|
# Returns true if the parameters have no key/value pairs.
|
196
204
|
|
@@ -198,7 +206,7 @@ module ActionController
|
|
198
206
|
# :method: exclude?
|
199
207
|
#
|
200
208
|
# :call-seq:
|
201
|
-
#
|
209
|
+
# exclude?(key)
|
202
210
|
#
|
203
211
|
# Returns true if the given key is not present in the parameters.
|
204
212
|
|
@@ -206,7 +214,7 @@ module ActionController
|
|
206
214
|
# :method: include?
|
207
215
|
#
|
208
216
|
# :call-seq:
|
209
|
-
#
|
217
|
+
# include?(key)
|
210
218
|
#
|
211
219
|
# Returns true if the given key is present in the parameters.
|
212
220
|
|
@@ -214,7 +222,7 @@ module ActionController
|
|
214
222
|
# :method: keys
|
215
223
|
#
|
216
224
|
# :call-seq:
|
217
|
-
#
|
225
|
+
# keys()
|
218
226
|
#
|
219
227
|
# Returns a new array of the keys of the parameters.
|
220
228
|
|
@@ -222,7 +230,7 @@ module ActionController
|
|
222
230
|
# :method: to_s
|
223
231
|
#
|
224
232
|
# :call-seq:
|
225
|
-
#
|
233
|
+
# to_s()
|
226
234
|
#
|
227
235
|
# Returns the content of the parameters as a string.
|
228
236
|
|
@@ -233,39 +241,50 @@ module ActionController
|
|
233
241
|
alias_method :key?, :include?
|
234
242
|
alias_method :member?, :include?
|
235
243
|
|
236
|
-
# By default, never raise an UnpermittedParameters exception if these
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
# config. For instance:
|
244
|
+
# By default, never raise an UnpermittedParameters exception if these params are
|
245
|
+
# present. The default includes both 'controller' and 'action' because they are
|
246
|
+
# added by Rails and should be of no concern. One way to change these is to
|
247
|
+
# specify `always_permitted_parameters` in your config. For instance:
|
241
248
|
#
|
242
|
-
#
|
249
|
+
# config.action_controller.always_permitted_parameters = %w( controller action format )
|
243
250
|
cattr_accessor :always_permitted_parameters, default: %w( controller action )
|
244
251
|
|
245
|
-
cattr_accessor :allow_deprecated_parameters_hash_equality, default: true, instance_accessor: false
|
246
|
-
|
247
252
|
class << self
|
253
|
+
def allow_deprecated_parameters_hash_equality
|
254
|
+
ActionController.deprecator.warn <<-WARNING.squish
|
255
|
+
`Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality` is
|
256
|
+
deprecated and will be removed in Rails 7.3.
|
257
|
+
WARNING
|
258
|
+
end
|
259
|
+
|
260
|
+
def allow_deprecated_parameters_hash_equality=(value)
|
261
|
+
ActionController.deprecator.warn <<-WARNING.squish
|
262
|
+
`Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`
|
263
|
+
is deprecated and will be removed in Rails 7.3.
|
264
|
+
WARNING
|
265
|
+
end
|
266
|
+
|
248
267
|
def nested_attribute?(key, value) # :nodoc:
|
249
268
|
/\A-?\d+\z/.match?(key) && (value.is_a?(Hash) || value.is_a?(Parameters))
|
250
269
|
end
|
251
270
|
end
|
252
271
|
|
253
|
-
# Returns a new
|
254
|
-
#
|
255
|
-
#
|
272
|
+
# Returns a new `ActionController::Parameters` instance. Also, sets the
|
273
|
+
# `permitted` attribute to the default value of
|
274
|
+
# `ActionController::Parameters.permit_all_parameters`.
|
256
275
|
#
|
257
|
-
#
|
258
|
-
#
|
276
|
+
# class Person < ActiveRecord::Base
|
277
|
+
# end
|
259
278
|
#
|
260
|
-
#
|
261
|
-
#
|
262
|
-
#
|
279
|
+
# params = ActionController::Parameters.new(name: "Francesco")
|
280
|
+
# params.permitted? # => false
|
281
|
+
# Person.new(params) # => ActiveModel::ForbiddenAttributesError
|
263
282
|
#
|
264
|
-
#
|
283
|
+
# ActionController::Parameters.permit_all_parameters = true
|
265
284
|
#
|
266
|
-
#
|
267
|
-
#
|
268
|
-
#
|
285
|
+
# params = ActionController::Parameters.new(name: "Francesco")
|
286
|
+
# params.permitted? # => true
|
287
|
+
# Person.new(params) # => #<Person id: nil, name: "Francesco">
|
269
288
|
def initialize(parameters = {}, logging_context = {})
|
270
289
|
parameters.each_key do |key|
|
271
290
|
unless key.is_a?(String) || key.is_a?(Symbol)
|
@@ -278,26 +297,13 @@ module ActionController
|
|
278
297
|
@permitted = self.class.permit_all_parameters
|
279
298
|
end
|
280
299
|
|
281
|
-
# Returns true if another
|
300
|
+
# Returns true if another `Parameters` object contains the same content and
|
282
301
|
# permitted flag.
|
283
302
|
def ==(other)
|
284
303
|
if other.respond_to?(:permitted?)
|
285
304
|
permitted? == other.permitted? && parameters == other.parameters
|
286
305
|
else
|
287
|
-
|
288
|
-
ActionController.deprecator.warn <<-WARNING.squish
|
289
|
-
Comparing equality between `ActionController::Parameters` and a
|
290
|
-
`Hash` is deprecated and will be removed in Rails 7.2. Please only do
|
291
|
-
comparisons between instances of `ActionController::Parameters`. If
|
292
|
-
you need to compare to a hash, first convert it using
|
293
|
-
`ActionController::Parameters#new`.
|
294
|
-
To disable the deprecated behavior set
|
295
|
-
`Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality = false`.
|
296
|
-
WARNING
|
297
|
-
@parameters == other
|
298
|
-
else
|
299
|
-
super
|
300
|
-
end
|
306
|
+
super
|
301
307
|
end
|
302
308
|
end
|
303
309
|
|
@@ -311,18 +317,18 @@ module ActionController
|
|
311
317
|
[self.class, @parameters, @permitted].hash
|
312
318
|
end
|
313
319
|
|
314
|
-
# Returns a safe ActiveSupport::HashWithIndifferentAccess
|
315
|
-
#
|
320
|
+
# Returns a safe ActiveSupport::HashWithIndifferentAccess representation of the
|
321
|
+
# parameters with all unpermitted keys removed.
|
316
322
|
#
|
317
|
-
#
|
318
|
-
#
|
319
|
-
#
|
320
|
-
#
|
321
|
-
#
|
322
|
-
#
|
323
|
+
# params = ActionController::Parameters.new({
|
324
|
+
# name: "Senjougahara Hitagi",
|
325
|
+
# oddity: "Heavy stone crab"
|
326
|
+
# })
|
327
|
+
# params.to_h
|
328
|
+
# # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
|
323
329
|
#
|
324
|
-
#
|
325
|
-
#
|
330
|
+
# safe_params = params.permit(:name)
|
331
|
+
# safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
|
326
332
|
def to_h(&block)
|
327
333
|
if permitted?
|
328
334
|
convert_parameters_to_hashes(@parameters, :to_h, &block)
|
@@ -331,18 +337,18 @@ module ActionController
|
|
331
337
|
end
|
332
338
|
end
|
333
339
|
|
334
|
-
# Returns a safe
|
335
|
-
#
|
340
|
+
# Returns a safe `Hash` representation of the parameters with all unpermitted
|
341
|
+
# keys removed.
|
336
342
|
#
|
337
|
-
#
|
338
|
-
#
|
339
|
-
#
|
340
|
-
#
|
341
|
-
#
|
342
|
-
#
|
343
|
+
# params = ActionController::Parameters.new({
|
344
|
+
# name: "Senjougahara Hitagi",
|
345
|
+
# oddity: "Heavy stone crab"
|
346
|
+
# })
|
347
|
+
# params.to_hash
|
348
|
+
# # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
|
343
349
|
#
|
344
|
-
#
|
345
|
-
#
|
350
|
+
# safe_params = params.permit(:name)
|
351
|
+
# safe_params.to_hash # => {"name"=>"Senjougahara Hitagi"}
|
346
352
|
def to_hash
|
347
353
|
to_h.to_hash
|
348
354
|
end
|
@@ -350,29 +356,29 @@ module ActionController
|
|
350
356
|
# Returns a string representation of the receiver suitable for use as a URL
|
351
357
|
# query string:
|
352
358
|
#
|
353
|
-
#
|
354
|
-
#
|
355
|
-
#
|
356
|
-
#
|
357
|
-
#
|
358
|
-
#
|
359
|
+
# params = ActionController::Parameters.new({
|
360
|
+
# name: "David",
|
361
|
+
# nationality: "Danish"
|
362
|
+
# })
|
363
|
+
# params.to_query
|
364
|
+
# # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
|
359
365
|
#
|
360
|
-
#
|
361
|
-
#
|
362
|
-
#
|
366
|
+
# safe_params = params.permit(:name, :nationality)
|
367
|
+
# safe_params.to_query
|
368
|
+
# # => "name=David&nationality=Danish"
|
363
369
|
#
|
364
370
|
# An optional namespace can be passed to enclose key names:
|
365
371
|
#
|
366
|
-
#
|
367
|
-
#
|
368
|
-
#
|
369
|
-
#
|
370
|
-
#
|
371
|
-
#
|
372
|
-
#
|
372
|
+
# params = ActionController::Parameters.new({
|
373
|
+
# name: "David",
|
374
|
+
# nationality: "Danish"
|
375
|
+
# })
|
376
|
+
# safe_params = params.permit(:name, :nationality)
|
377
|
+
# safe_params.to_query("user")
|
378
|
+
# # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish"
|
373
379
|
#
|
374
|
-
# The string pairs
|
375
|
-
#
|
380
|
+
# The string pairs `"key=value"` that conform the query string are sorted
|
381
|
+
# lexicographically in ascending order.
|
376
382
|
def to_query(*args)
|
377
383
|
to_h.to_query(*args)
|
378
384
|
end
|
@@ -381,19 +387,19 @@ module ActionController
|
|
381
387
|
# Returns an unsafe, unfiltered ActiveSupport::HashWithIndifferentAccess
|
382
388
|
# representation of the parameters.
|
383
389
|
#
|
384
|
-
#
|
385
|
-
#
|
386
|
-
#
|
387
|
-
#
|
388
|
-
#
|
389
|
-
#
|
390
|
+
# params = ActionController::Parameters.new({
|
391
|
+
# name: "Senjougahara Hitagi",
|
392
|
+
# oddity: "Heavy stone crab"
|
393
|
+
# })
|
394
|
+
# params.to_unsafe_h
|
395
|
+
# # => {"name"=>"Senjougahara Hitagi", "oddity" => "Heavy stone crab"}
|
390
396
|
def to_unsafe_h
|
391
397
|
convert_parameters_to_hashes(@parameters, :to_unsafe_h)
|
392
398
|
end
|
393
399
|
alias_method :to_unsafe_hash, :to_unsafe_h
|
394
400
|
|
395
|
-
# Convert all hashes in values into parameters, then yield each pair in
|
396
|
-
#
|
401
|
+
# Convert all hashes in values into parameters, then yield each pair in the same
|
402
|
+
# way as `Hash#each_pair`.
|
397
403
|
def each_pair(&block)
|
398
404
|
return to_enum(__callee__) unless block_given?
|
399
405
|
@parameters.each_pair do |key, value|
|
@@ -404,8 +410,8 @@ module ActionController
|
|
404
410
|
end
|
405
411
|
alias_method :each, :each_pair
|
406
412
|
|
407
|
-
# Convert all hashes in values into parameters, then yield each value in
|
408
|
-
#
|
413
|
+
# Convert all hashes in values into parameters, then yield each value in the
|
414
|
+
# same way as `Hash#each_value`.
|
409
415
|
def each_value(&block)
|
410
416
|
return to_enum(:each_value) unless block_given?
|
411
417
|
@parameters.each_pair do |key, value|
|
@@ -421,38 +427,38 @@ module ActionController
|
|
421
427
|
end
|
422
428
|
|
423
429
|
# Attribute that keeps track of converted arrays, if any, to avoid double
|
424
|
-
# looping in the common use case permit + mass-assignment. Defined in a
|
425
|
-
#
|
430
|
+
# looping in the common use case permit + mass-assignment. Defined in a method
|
431
|
+
# to instantiate it only if needed.
|
426
432
|
#
|
427
|
-
#
|
428
|
-
#
|
429
|
-
#
|
433
|
+
# Testing membership still loops, but it's going to be faster than our own loop
|
434
|
+
# that converts values. Also, we are not going to build a new array object per
|
435
|
+
# fetch.
|
430
436
|
def converted_arrays
|
431
437
|
@converted_arrays ||= Set.new
|
432
438
|
end
|
433
439
|
|
434
|
-
# Returns
|
440
|
+
# Returns `true` if the parameter is permitted, `false` otherwise.
|
435
441
|
#
|
436
|
-
#
|
437
|
-
#
|
438
|
-
#
|
439
|
-
#
|
442
|
+
# params = ActionController::Parameters.new
|
443
|
+
# params.permitted? # => false
|
444
|
+
# params.permit!
|
445
|
+
# params.permitted? # => true
|
440
446
|
def permitted?
|
441
447
|
@permitted
|
442
448
|
end
|
443
449
|
|
444
|
-
# Sets the
|
445
|
-
#
|
450
|
+
# Sets the `permitted` attribute to `true`. This can be used to pass mass
|
451
|
+
# assignment. Returns `self`.
|
446
452
|
#
|
447
|
-
#
|
448
|
-
#
|
453
|
+
# class Person < ActiveRecord::Base
|
454
|
+
# end
|
449
455
|
#
|
450
|
-
#
|
451
|
-
#
|
452
|
-
#
|
453
|
-
#
|
454
|
-
#
|
455
|
-
#
|
456
|
+
# params = ActionController::Parameters.new(name: "Francesco")
|
457
|
+
# params.permitted? # => false
|
458
|
+
# Person.new(params) # => ActiveModel::ForbiddenAttributesError
|
459
|
+
# params.permit!
|
460
|
+
# params.permitted? # => true
|
461
|
+
# Person.new(params) # => #<Person id: nil, name: "Francesco">
|
456
462
|
def permit!
|
457
463
|
each_pair do |key, value|
|
458
464
|
Array.wrap(value).flatten.each do |v|
|
@@ -466,52 +472,51 @@ module ActionController
|
|
466
472
|
|
467
473
|
# This method accepts both a single key and an array of keys.
|
468
474
|
#
|
469
|
-
# When passed a single key, if it exists and its associated value is
|
470
|
-
#
|
475
|
+
# When passed a single key, if it exists and its associated value is either
|
476
|
+
# present or the singleton `false`, returns said value:
|
471
477
|
#
|
472
|
-
#
|
473
|
-
#
|
478
|
+
# ActionController::Parameters.new(person: { name: "Francesco" }).require(:person)
|
479
|
+
# # => #<ActionController::Parameters {"name"=>"Francesco"} permitted: false>
|
474
480
|
#
|
475
481
|
# Otherwise raises ActionController::ParameterMissing:
|
476
482
|
#
|
477
|
-
#
|
478
|
-
#
|
483
|
+
# ActionController::Parameters.new.require(:person)
|
484
|
+
# # ActionController::ParameterMissing: param is missing or the value is empty: person
|
479
485
|
#
|
480
|
-
#
|
481
|
-
#
|
486
|
+
# ActionController::Parameters.new(person: nil).require(:person)
|
487
|
+
# # ActionController::ParameterMissing: param is missing or the value is empty: person
|
482
488
|
#
|
483
|
-
#
|
484
|
-
#
|
489
|
+
# ActionController::Parameters.new(person: "\t").require(:person)
|
490
|
+
# # ActionController::ParameterMissing: param is missing or the value is empty: person
|
485
491
|
#
|
486
|
-
#
|
487
|
-
#
|
492
|
+
# ActionController::Parameters.new(person: {}).require(:person)
|
493
|
+
# # ActionController::ParameterMissing: param is missing or the value is empty: person
|
488
494
|
#
|
489
|
-
# When given an array of keys, the method tries to require each one of them
|
490
|
-
#
|
491
|
-
# returned:
|
495
|
+
# When given an array of keys, the method tries to require each one of them in
|
496
|
+
# order. If it succeeds, an array with the respective return values is returned:
|
492
497
|
#
|
493
|
-
#
|
494
|
-
#
|
498
|
+
# params = ActionController::Parameters.new(user: { ... }, profile: { ... })
|
499
|
+
# user_params, profile_params = params.require([:user, :profile])
|
495
500
|
#
|
496
501
|
# Otherwise, the method re-raises the first exception found:
|
497
502
|
#
|
498
|
-
#
|
499
|
-
#
|
500
|
-
#
|
503
|
+
# params = ActionController::Parameters.new(user: {}, profile: {})
|
504
|
+
# user_params, profile_params = params.require([:user, :profile])
|
505
|
+
# # ActionController::ParameterMissing: param is missing or the value is empty: user
|
501
506
|
#
|
502
507
|
# Technically this method can be used to fetch terminal values:
|
503
508
|
#
|
504
|
-
#
|
505
|
-
#
|
506
|
-
#
|
509
|
+
# # CAREFUL
|
510
|
+
# params = ActionController::Parameters.new(person: { name: "Finn" })
|
511
|
+
# name = params.require(:person).require(:name) # CAREFUL
|
507
512
|
#
|
508
513
|
# but take into account that at some point those ones have to be permitted:
|
509
514
|
#
|
510
|
-
#
|
511
|
-
#
|
512
|
-
#
|
515
|
+
# def person_params
|
516
|
+
# params.require(:person).permit(:name).tap do |person_params|
|
517
|
+
# person_params.require(:name) # SAFER
|
518
|
+
# end
|
513
519
|
# end
|
514
|
-
# end
|
515
520
|
#
|
516
521
|
# for example.
|
517
522
|
def require(key)
|
@@ -526,119 +531,120 @@ module ActionController
|
|
526
531
|
|
527
532
|
alias :required :require
|
528
533
|
|
529
|
-
# Returns a new
|
530
|
-
#
|
531
|
-
#
|
532
|
-
#
|
534
|
+
# Returns a new `ActionController::Parameters` instance that includes only the
|
535
|
+
# given `filters` and sets the `permitted` attribute for the object to `true`.
|
536
|
+
# This is useful for limiting which attributes should be allowed for mass
|
537
|
+
# updating.
|
533
538
|
#
|
534
|
-
#
|
535
|
-
#
|
536
|
-
#
|
537
|
-
#
|
538
|
-
#
|
539
|
-
#
|
539
|
+
# params = ActionController::Parameters.new(user: { name: "Francesco", age: 22, role: "admin" })
|
540
|
+
# permitted = params.require(:user).permit(:name, :age)
|
541
|
+
# permitted.permitted? # => true
|
542
|
+
# permitted.has_key?(:name) # => true
|
543
|
+
# permitted.has_key?(:age) # => true
|
544
|
+
# permitted.has_key?(:role) # => false
|
540
545
|
#
|
541
546
|
# Only permitted scalars pass the filter. For example, given
|
542
547
|
#
|
543
|
-
#
|
544
|
-
#
|
545
|
-
#
|
546
|
-
#
|
547
|
-
#
|
548
|
-
#
|
549
|
-
#
|
550
|
-
#
|
551
|
-
#
|
552
|
-
#
|
553
|
-
#
|
554
|
-
#
|
555
|
-
#
|
556
|
-
#
|
557
|
-
#
|
558
|
-
#
|
559
|
-
#
|
560
|
-
#
|
561
|
-
#
|
562
|
-
#
|
563
|
-
#
|
564
|
-
#
|
565
|
-
#
|
566
|
-
#
|
567
|
-
#
|
568
|
-
#
|
569
|
-
#
|
570
|
-
#
|
571
|
-
#
|
572
|
-
#
|
573
|
-
#
|
574
|
-
#
|
575
|
-
# }
|
576
|
-
# }
|
577
|
-
#
|
578
|
-
#
|
579
|
-
#
|
580
|
-
#
|
581
|
-
#
|
582
|
-
#
|
583
|
-
#
|
584
|
-
#
|
585
|
-
#
|
586
|
-
#
|
587
|
-
#
|
588
|
-
#
|
589
|
-
#
|
590
|
-
#
|
591
|
-
#
|
592
|
-
#
|
593
|
-
#
|
594
|
-
#
|
548
|
+
# params.permit(:name)
|
549
|
+
#
|
550
|
+
# `:name` passes if it is a key of `params` whose associated value is of type
|
551
|
+
# `String`, `Symbol`, `NilClass`, `Numeric`, `TrueClass`, `FalseClass`, `Date`,
|
552
|
+
# `Time`, `DateTime`, `StringIO`, `IO`, ActionDispatch::Http::UploadedFile or
|
553
|
+
# `Rack::Test::UploadedFile`. Otherwise, the key `:name` is filtered out.
|
554
|
+
#
|
555
|
+
# You may declare that the parameter should be an array of permitted scalars by
|
556
|
+
# mapping it to an empty array:
|
557
|
+
#
|
558
|
+
# params = ActionController::Parameters.new(tags: ["rails", "parameters"])
|
559
|
+
# params.permit(tags: [])
|
560
|
+
#
|
561
|
+
# Sometimes it is not possible or convenient to declare the valid keys of a hash
|
562
|
+
# parameter or its internal structure. Just map to an empty hash:
|
563
|
+
#
|
564
|
+
# params.permit(preferences: {})
|
565
|
+
#
|
566
|
+
# Be careful because this opens the door to arbitrary input. In this case,
|
567
|
+
# `permit` ensures values in the returned structure are permitted scalars and
|
568
|
+
# filters out anything else.
|
569
|
+
#
|
570
|
+
# You can also use `permit` on nested parameters, like:
|
571
|
+
#
|
572
|
+
# params = ActionController::Parameters.new({
|
573
|
+
# person: {
|
574
|
+
# name: "Francesco",
|
575
|
+
# age: 22,
|
576
|
+
# pets: [{
|
577
|
+
# name: "Purplish",
|
578
|
+
# category: "dogs"
|
579
|
+
# }]
|
580
|
+
# }
|
581
|
+
# })
|
582
|
+
#
|
583
|
+
# permitted = params.permit(person: [ :name, { pets: :name } ])
|
584
|
+
# permitted.permitted? # => true
|
585
|
+
# permitted[:person][:name] # => "Francesco"
|
586
|
+
# permitted[:person][:age] # => nil
|
587
|
+
# permitted[:person][:pets][0][:name] # => "Purplish"
|
588
|
+
# permitted[:person][:pets][0][:category] # => nil
|
589
|
+
#
|
590
|
+
# Note that if you use `permit` in a key that points to a hash, it won't allow
|
591
|
+
# all the hash. You also need to specify which attributes inside the hash should
|
592
|
+
# be permitted.
|
593
|
+
#
|
594
|
+
# params = ActionController::Parameters.new({
|
595
|
+
# person: {
|
596
|
+
# contact: {
|
597
|
+
# email: "none@test.com",
|
598
|
+
# phone: "555-1234"
|
599
|
+
# }
|
595
600
|
# }
|
596
|
-
# }
|
597
|
-
#
|
598
|
-
#
|
599
|
-
#
|
600
|
-
#
|
601
|
-
#
|
602
|
-
#
|
603
|
-
#
|
604
|
-
#
|
605
|
-
#
|
606
|
-
#
|
607
|
-
#
|
608
|
-
#
|
609
|
-
#
|
610
|
-
#
|
611
|
-
#
|
612
|
-
#
|
613
|
-
#
|
614
|
-
#
|
615
|
-
#
|
616
|
-
#
|
617
|
-
#
|
618
|
-
#
|
619
|
-
#
|
620
|
-
#
|
621
|
-
#
|
622
|
-
#
|
623
|
-
#
|
624
|
-
#
|
625
|
-
#
|
626
|
-
# If you want to specify what keys you want from each numeric key, you can
|
627
|
-
#
|
628
|
-
#
|
629
|
-
#
|
630
|
-
#
|
631
|
-
#
|
632
|
-
#
|
633
|
-
#
|
634
|
-
#
|
635
|
-
#
|
636
|
-
#
|
637
|
-
#
|
638
|
-
#
|
639
|
-
#
|
640
|
-
#
|
641
|
-
#
|
601
|
+
# })
|
602
|
+
#
|
603
|
+
# params.require(:person).permit(:contact)
|
604
|
+
# # => #<ActionController::Parameters {} permitted: true>
|
605
|
+
#
|
606
|
+
# params.require(:person).permit(contact: :phone)
|
607
|
+
# # => #<ActionController::Parameters {"contact"=>#<ActionController::Parameters {"phone"=>"555-1234"} permitted: true>} permitted: true>
|
608
|
+
#
|
609
|
+
# params.require(:person).permit(contact: [ :email, :phone ])
|
610
|
+
# # => #<ActionController::Parameters {"contact"=>#<ActionController::Parameters {"email"=>"none@test.com", "phone"=>"555-1234"} permitted: true>} permitted: true>
|
611
|
+
#
|
612
|
+
# If your parameters specify multiple parameters indexed by a number, you can
|
613
|
+
# permit each set of parameters under the numeric key to be the same using the
|
614
|
+
# same syntax as permitting a single item.
|
615
|
+
#
|
616
|
+
# params = ActionController::Parameters.new({
|
617
|
+
# person: {
|
618
|
+
# '0': {
|
619
|
+
# email: "none@test.com",
|
620
|
+
# phone: "555-1234"
|
621
|
+
# },
|
622
|
+
# '1': {
|
623
|
+
# email: "nothing@test.com",
|
624
|
+
# phone: "555-6789"
|
625
|
+
# },
|
626
|
+
# }
|
627
|
+
# })
|
628
|
+
# params.permit(person: [:email]).to_h
|
629
|
+
# # => {"person"=>{"0"=>{"email"=>"none@test.com"}, "1"=>{"email"=>"nothing@test.com"}}}
|
630
|
+
#
|
631
|
+
# If you want to specify what keys you want from each numeric key, you can
|
632
|
+
# instead specify each one individually
|
633
|
+
#
|
634
|
+
# params = ActionController::Parameters.new({
|
635
|
+
# person: {
|
636
|
+
# '0': {
|
637
|
+
# email: "none@test.com",
|
638
|
+
# phone: "555-1234"
|
639
|
+
# },
|
640
|
+
# '1': {
|
641
|
+
# email: "nothing@test.com",
|
642
|
+
# phone: "555-6789"
|
643
|
+
# },
|
644
|
+
# }
|
645
|
+
# })
|
646
|
+
# params.permit(person: { '0': [:email], '1': [:phone]}).to_h
|
647
|
+
# # => {"person"=>{"0"=>{"email"=>"none@test.com"}, "1"=>{"phone"=>"555-6789"}}}
|
642
648
|
def permit(*filters)
|
643
649
|
params = self.class.new
|
644
650
|
|
@@ -656,35 +662,34 @@ module ActionController
|
|
656
662
|
params.permit!
|
657
663
|
end
|
658
664
|
|
659
|
-
# Returns a parameter for the given
|
660
|
-
# returns +nil+.
|
665
|
+
# Returns a parameter for the given `key`. If not found, returns `nil`.
|
661
666
|
#
|
662
|
-
#
|
663
|
-
#
|
664
|
-
#
|
667
|
+
# params = ActionController::Parameters.new(person: { name: "Francesco" })
|
668
|
+
# params[:person] # => #<ActionController::Parameters {"name"=>"Francesco"} permitted: false>
|
669
|
+
# params[:none] # => nil
|
665
670
|
def [](key)
|
666
671
|
convert_hashes_to_parameters(key, @parameters[key])
|
667
672
|
end
|
668
673
|
|
669
|
-
# Assigns a value to a given
|
674
|
+
# Assigns a value to a given `key`. The given key may still get filtered out
|
670
675
|
# when #permit is called.
|
671
676
|
def []=(key, value)
|
672
677
|
@parameters[key] = value
|
673
678
|
end
|
674
679
|
|
675
|
-
# Returns a parameter for the given
|
676
|
-
#
|
677
|
-
#
|
678
|
-
#
|
679
|
-
#
|
680
|
-
#
|
681
|
-
#
|
682
|
-
#
|
683
|
-
#
|
684
|
-
#
|
685
|
-
#
|
686
|
-
#
|
687
|
-
#
|
680
|
+
# Returns a parameter for the given `key`. If the `key` can't be found, there
|
681
|
+
# are several options: With no other arguments, it will raise an
|
682
|
+
# ActionController::ParameterMissing error; if a second argument is given, then
|
683
|
+
# that is returned (converted to an instance of `ActionController::Parameters`
|
684
|
+
# if possible); if a block is given, then that will be run and its result
|
685
|
+
# returned.
|
686
|
+
#
|
687
|
+
# params = ActionController::Parameters.new(person: { name: "Francesco" })
|
688
|
+
# params.fetch(:person) # => #<ActionController::Parameters {"name"=>"Francesco"} permitted: false>
|
689
|
+
# params.fetch(:none) # => ActionController::ParameterMissing: param is missing or the value is empty: none
|
690
|
+
# params.fetch(:none, {}) # => #<ActionController::Parameters {} permitted: false>
|
691
|
+
# params.fetch(:none, "Francesco") # => "Francesco"
|
692
|
+
# params.fetch(:none) { "Francesco" } # => "Francesco"
|
688
693
|
def fetch(key, *args)
|
689
694
|
convert_value_to_parameters(
|
690
695
|
@parameters.fetch(key) {
|
@@ -697,44 +702,43 @@ module ActionController
|
|
697
702
|
)
|
698
703
|
end
|
699
704
|
|
700
|
-
# Extracts the nested parameter from the given
|
701
|
-
#
|
705
|
+
# Extracts the nested parameter from the given `keys` by calling `dig` at each
|
706
|
+
# step. Returns `nil` if any intermediate step is `nil`.
|
702
707
|
#
|
703
|
-
#
|
704
|
-
#
|
705
|
-
#
|
708
|
+
# params = ActionController::Parameters.new(foo: { bar: { baz: 1 } })
|
709
|
+
# params.dig(:foo, :bar, :baz) # => 1
|
710
|
+
# params.dig(:foo, :zot, :xyz) # => nil
|
706
711
|
#
|
707
|
-
#
|
708
|
-
#
|
712
|
+
# params2 = ActionController::Parameters.new(foo: [10, 11, 12])
|
713
|
+
# params2.dig(:foo, 1) # => 11
|
709
714
|
def dig(*keys)
|
710
715
|
convert_hashes_to_parameters(keys.first, @parameters[keys.first])
|
711
716
|
@parameters.dig(*keys)
|
712
717
|
end
|
713
718
|
|
714
|
-
# Returns a new
|
715
|
-
#
|
716
|
-
# don't exist, returns an empty hash.
|
719
|
+
# Returns a new `ActionController::Parameters` instance that includes only the
|
720
|
+
# given `keys`. If the given `keys` don't exist, returns an empty hash.
|
717
721
|
#
|
718
|
-
#
|
719
|
-
#
|
720
|
-
#
|
722
|
+
# params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
|
723
|
+
# params.slice(:a, :b) # => #<ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
|
724
|
+
# params.slice(:d) # => #<ActionController::Parameters {} permitted: false>
|
721
725
|
def slice(*keys)
|
722
726
|
new_instance_with_inherited_permitted_status(@parameters.slice(*keys))
|
723
727
|
end
|
724
728
|
|
725
|
-
# Returns the current
|
726
|
-
#
|
729
|
+
# Returns the current `ActionController::Parameters` instance which contains
|
730
|
+
# only the given `keys`.
|
727
731
|
def slice!(*keys)
|
728
732
|
@parameters.slice!(*keys)
|
729
733
|
self
|
730
734
|
end
|
731
735
|
|
732
|
-
# Returns a new
|
733
|
-
#
|
736
|
+
# Returns a new `ActionController::Parameters` instance that filters out the
|
737
|
+
# given `keys`.
|
734
738
|
#
|
735
|
-
#
|
736
|
-
#
|
737
|
-
#
|
739
|
+
# params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
|
740
|
+
# params.except(:a, :b) # => #<ActionController::Parameters {"c"=>3} permitted: false>
|
741
|
+
# params.except(:d) # => #<ActionController::Parameters {"a"=>1, "b"=>2, "c"=>3} permitted: false>
|
738
742
|
def except(*keys)
|
739
743
|
new_instance_with_inherited_permitted_status(@parameters.except(*keys))
|
740
744
|
end
|
@@ -742,19 +746,19 @@ module ActionController
|
|
742
746
|
|
743
747
|
# Removes and returns the key/value pairs matching the given keys.
|
744
748
|
#
|
745
|
-
#
|
746
|
-
#
|
747
|
-
#
|
749
|
+
# params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
|
750
|
+
# params.extract!(:a, :b) # => #<ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
|
751
|
+
# params # => #<ActionController::Parameters {"c"=>3} permitted: false>
|
748
752
|
def extract!(*keys)
|
749
753
|
new_instance_with_inherited_permitted_status(@parameters.extract!(*keys))
|
750
754
|
end
|
751
755
|
|
752
|
-
# Returns a new
|
753
|
-
# running
|
756
|
+
# Returns a new `ActionController::Parameters` instance with the results of
|
757
|
+
# running `block` once for every value. The keys are unchanged.
|
754
758
|
#
|
755
|
-
#
|
756
|
-
#
|
757
|
-
#
|
759
|
+
# params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
|
760
|
+
# params.transform_values { |x| x * 2 }
|
761
|
+
# # => #<ActionController::Parameters {"a"=>2, "b"=>4, "c"=>6} permitted: false>
|
758
762
|
def transform_values
|
759
763
|
return to_enum(:transform_values) unless block_given?
|
760
764
|
new_instance_with_inherited_permitted_status(
|
@@ -763,15 +767,15 @@ module ActionController
|
|
763
767
|
end
|
764
768
|
|
765
769
|
# Performs values transformation and returns the altered
|
766
|
-
#
|
770
|
+
# `ActionController::Parameters` instance.
|
767
771
|
def transform_values!
|
768
772
|
return to_enum(:transform_values!) unless block_given?
|
769
773
|
@parameters.transform_values! { |v| yield convert_value_to_parameters(v) }
|
770
774
|
self
|
771
775
|
end
|
772
776
|
|
773
|
-
# Returns a new
|
774
|
-
#
|
777
|
+
# Returns a new `ActionController::Parameters` instance with the results of
|
778
|
+
# running `block` once for every key. The values are unchanged.
|
775
779
|
def transform_keys(&block)
|
776
780
|
return to_enum(:transform_keys) unless block_given?
|
777
781
|
new_instance_with_inherited_permitted_status(
|
@@ -780,53 +784,53 @@ module ActionController
|
|
780
784
|
end
|
781
785
|
|
782
786
|
# Performs keys transformation and returns the altered
|
783
|
-
#
|
787
|
+
# `ActionController::Parameters` instance.
|
784
788
|
def transform_keys!(&block)
|
785
789
|
return to_enum(:transform_keys!) unless block_given?
|
786
790
|
@parameters.transform_keys!(&block)
|
787
791
|
self
|
788
792
|
end
|
789
793
|
|
790
|
-
# Returns a new
|
791
|
-
#
|
792
|
-
#
|
794
|
+
# Returns a new `ActionController::Parameters` instance with the results of
|
795
|
+
# running `block` once for every key. This includes the keys from the root hash
|
796
|
+
# and from all nested hashes and arrays. The values are unchanged.
|
793
797
|
def deep_transform_keys(&block)
|
794
798
|
new_instance_with_inherited_permitted_status(
|
795
799
|
_deep_transform_keys_in_object(@parameters, &block).to_unsafe_h
|
796
800
|
)
|
797
801
|
end
|
798
802
|
|
799
|
-
# Returns the same
|
800
|
-
#
|
801
|
-
#
|
803
|
+
# Returns the same `ActionController::Parameters` instance with changed keys.
|
804
|
+
# This includes the keys from the root hash and from all nested hashes and
|
805
|
+
# arrays. The values are unchanged.
|
802
806
|
def deep_transform_keys!(&block)
|
803
807
|
@parameters = _deep_transform_keys_in_object(@parameters, &block).to_unsafe_h
|
804
808
|
self
|
805
809
|
end
|
806
810
|
|
807
|
-
# Deletes a key-value pair from
|
808
|
-
#
|
809
|
-
#
|
810
|
-
#
|
811
|
+
# Deletes a key-value pair from `Parameters` and returns the value. If `key` is
|
812
|
+
# not found, returns `nil` (or, with optional code block, yields `key` and
|
813
|
+
# returns the result). This method is similar to #extract!, which returns the
|
814
|
+
# corresponding `ActionController::Parameters` object.
|
811
815
|
def delete(key, &block)
|
812
816
|
convert_value_to_parameters(@parameters.delete(key, &block))
|
813
817
|
end
|
814
818
|
|
815
|
-
# Returns a new
|
816
|
-
#
|
819
|
+
# Returns a new `ActionController::Parameters` instance with only items that the
|
820
|
+
# block evaluates to true.
|
817
821
|
def select(&block)
|
818
822
|
new_instance_with_inherited_permitted_status(@parameters.select(&block))
|
819
823
|
end
|
820
824
|
|
821
|
-
# Equivalent to Hash#keep_if, but returns
|
825
|
+
# Equivalent to Hash#keep_if, but returns `nil` if no changes were made.
|
822
826
|
def select!(&block)
|
823
827
|
@parameters.select!(&block)
|
824
828
|
self
|
825
829
|
end
|
826
830
|
alias_method :keep_if, :select!
|
827
831
|
|
828
|
-
# Returns a new
|
829
|
-
#
|
832
|
+
# Returns a new `ActionController::Parameters` instance with items that the
|
833
|
+
# block evaluates to true removed.
|
830
834
|
def reject(&block)
|
831
835
|
new_instance_with_inherited_permitted_status(@parameters.reject(&block))
|
832
836
|
end
|
@@ -838,24 +842,26 @@ module ActionController
|
|
838
842
|
end
|
839
843
|
alias_method :delete_if, :reject!
|
840
844
|
|
841
|
-
# Returns a new
|
845
|
+
# Returns a new `ActionController::Parameters` instance with `nil` values
|
846
|
+
# removed.
|
842
847
|
def compact
|
843
848
|
new_instance_with_inherited_permitted_status(@parameters.compact)
|
844
849
|
end
|
845
850
|
|
846
|
-
# Removes all
|
851
|
+
# Removes all `nil` values in place and returns `self`, or `nil` if no changes
|
852
|
+
# were made.
|
847
853
|
def compact!
|
848
854
|
self if @parameters.compact!
|
849
855
|
end
|
850
856
|
|
851
|
-
# Returns a new
|
852
|
-
# Uses Object#blank? for determining if a value is blank.
|
857
|
+
# Returns a new `ActionController::Parameters` instance without the blank
|
858
|
+
# values. Uses Object#blank? for determining if a value is blank.
|
853
859
|
def compact_blank
|
854
860
|
reject { |_k, v| v.blank? }
|
855
861
|
end
|
856
862
|
|
857
|
-
# Removes all blank values in place and returns self.
|
858
|
-
#
|
863
|
+
# Removes all blank values in place and returns self. Uses Object#blank? for
|
864
|
+
# determining if a value is blank.
|
859
865
|
def compact_blank!
|
860
866
|
reject! { |_k, v| v.blank? }
|
861
867
|
end
|
@@ -867,14 +873,14 @@ module ActionController
|
|
867
873
|
|
868
874
|
alias value? has_value?
|
869
875
|
|
870
|
-
# Returns values that were assigned to the given
|
871
|
-
#
|
876
|
+
# Returns values that were assigned to the given `keys`. Note that all the
|
877
|
+
# `Hash` objects will be converted to `ActionController::Parameters`.
|
872
878
|
def values_at(*keys)
|
873
879
|
convert_value_to_parameters(@parameters.values_at(*keys))
|
874
880
|
end
|
875
881
|
|
876
|
-
# Returns a new
|
877
|
-
#
|
882
|
+
# Returns a new `ActionController::Parameters` instance with all keys from
|
883
|
+
# `other_hash` merged into current hash.
|
878
884
|
def merge(other_hash)
|
879
885
|
new_instance_with_inherited_permitted_status(
|
880
886
|
@parameters.merge(other_hash.to_h)
|
@@ -884,8 +890,8 @@ module ActionController
|
|
884
890
|
##
|
885
891
|
# :call-seq: merge!(other_hash)
|
886
892
|
#
|
887
|
-
# Returns the current
|
888
|
-
#
|
893
|
+
# Returns the current `ActionController::Parameters` instance with `other_hash`
|
894
|
+
# merged into current hash.
|
889
895
|
def merge!(other_hash, &block)
|
890
896
|
@parameters.merge!(other_hash.to_h, &block)
|
891
897
|
self
|
@@ -895,8 +901,8 @@ module ActionController
|
|
895
901
|
other_hash.is_a?(ActiveSupport::DeepMergeable)
|
896
902
|
end
|
897
903
|
|
898
|
-
# Returns a new
|
899
|
-
#
|
904
|
+
# Returns a new `ActionController::Parameters` instance with all keys from
|
905
|
+
# current hash merged into `other_hash`.
|
900
906
|
def reverse_merge(other_hash)
|
901
907
|
new_instance_with_inherited_permitted_status(
|
902
908
|
other_hash.to_h.merge(@parameters)
|
@@ -904,17 +910,17 @@ module ActionController
|
|
904
910
|
end
|
905
911
|
alias_method :with_defaults, :reverse_merge
|
906
912
|
|
907
|
-
# Returns the current
|
908
|
-
#
|
913
|
+
# Returns the current `ActionController::Parameters` instance with current hash
|
914
|
+
# merged into `other_hash`.
|
909
915
|
def reverse_merge!(other_hash)
|
910
916
|
@parameters.merge!(other_hash.to_h) { |key, left, right| left }
|
911
917
|
self
|
912
918
|
end
|
913
919
|
alias_method :with_defaults!, :reverse_merge!
|
914
920
|
|
915
|
-
# This is required by ActiveModel attribute assignment, so that user can
|
916
|
-
#
|
917
|
-
#
|
921
|
+
# This is required by ActiveModel attribute assignment, so that user can pass
|
922
|
+
# `Parameters` to a mass assignment methods in a model. It should not matter as
|
923
|
+
# we are using `HashWithIndifferentAccess` internally.
|
918
924
|
def stringify_keys # :nodoc:
|
919
925
|
dup
|
920
926
|
end
|
@@ -939,13 +945,13 @@ module ActionController
|
|
939
945
|
@parameters = coder.map.with_indifferent_access
|
940
946
|
@permitted = false
|
941
947
|
when "!ruby/hash-with-ivars:ActionController::Parameters"
|
942
|
-
# YAML 2.0.9's Hash subclass format where keys and values
|
943
|
-
#
|
948
|
+
# YAML 2.0.9's Hash subclass format where keys and values were stored under an
|
949
|
+
# elements hash and `permitted` within an ivars hash.
|
944
950
|
@parameters = coder.map["elements"].with_indifferent_access
|
945
951
|
@permitted = coder.map["ivars"][:@permitted]
|
946
952
|
when "!ruby/object:ActionController::Parameters"
|
947
|
-
# YAML's Object format. Only needed because of the format
|
948
|
-
#
|
953
|
+
# YAML's Object format. Only needed because of the format backwards
|
954
|
+
# compatibility above, otherwise equivalent to YAML's initialization.
|
949
955
|
@parameters, @permitted = coder.map["parameters"], coder.map["permitted"]
|
950
956
|
end
|
951
957
|
end
|
@@ -954,25 +960,26 @@ module ActionController
|
|
954
960
|
coder.map = { "parameters" => @parameters, "permitted" => @permitted }
|
955
961
|
end
|
956
962
|
|
957
|
-
# Returns a duplicate
|
963
|
+
# Returns a duplicate `ActionController::Parameters` instance with the same
|
964
|
+
# permitted parameters.
|
958
965
|
def deep_dup
|
959
966
|
self.class.new(@parameters.deep_dup, @logging_context).tap do |duplicate|
|
960
967
|
duplicate.permitted = @permitted
|
961
968
|
end
|
962
969
|
end
|
963
970
|
|
964
|
-
# Returns parameter value for the given
|
971
|
+
# Returns parameter value for the given `key` separated by `delimiter`.
|
965
972
|
#
|
966
|
-
#
|
967
|
-
#
|
968
|
-
#
|
969
|
-
#
|
973
|
+
# params = ActionController::Parameters.new(id: "1_123", tags: "ruby,rails")
|
974
|
+
# params.extract_value(:id) # => ["1", "123"]
|
975
|
+
# params.extract_value(:tags, delimiter: ",") # => ["ruby", "rails"]
|
976
|
+
# params.extract_value(:non_existent_key) # => nil
|
970
977
|
#
|
971
|
-
# Note that if the given
|
972
|
-
#
|
978
|
+
# Note that if the given `key`'s value contains blank elements, then the
|
979
|
+
# returned array will include empty strings.
|
973
980
|
#
|
974
|
-
#
|
975
|
-
#
|
981
|
+
# params = ActionController::Parameters.new(tags: "ruby,rails,,web")
|
982
|
+
# params.extract_value(:tags, delimiter: ",") # => ["ruby", "rails", "", "web"]
|
976
983
|
def extract_value(key, delimiter: "_")
|
977
984
|
@parameters[key]&.split(delimiter, -1)
|
978
985
|
end
|
@@ -1114,15 +1121,14 @@ module ActionController
|
|
1114
1121
|
#
|
1115
1122
|
# --- Filtering ----------------------------------------------------------
|
1116
1123
|
#
|
1117
|
-
|
1118
|
-
#
|
1119
|
-
# supported in XML and JSON requests.
|
1124
|
+
# This is a list of permitted scalar types that includes the ones supported in
|
1125
|
+
# XML and JSON requests.
|
1120
1126
|
#
|
1121
|
-
# This list is in particular used to filter ordinary requests,
|
1122
|
-
#
|
1127
|
+
# This list is in particular used to filter ordinary requests, String goes as
|
1128
|
+
# first element to quickly short-circuit the common case.
|
1123
1129
|
#
|
1124
|
-
# If you modify this collection please update the one in the #permit doc
|
1125
|
-
#
|
1130
|
+
# If you modify this collection please update the one in the #permit doc as
|
1131
|
+
# well.
|
1126
1132
|
PERMITTED_SCALAR_TYPES = [
|
1127
1133
|
String,
|
1128
1134
|
Symbol,
|
@@ -1147,12 +1153,12 @@ module ActionController
|
|
1147
1153
|
#
|
1148
1154
|
# For example:
|
1149
1155
|
#
|
1150
|
-
#
|
1151
|
-
#
|
1156
|
+
# puts self.keys #=> ["zipcode(90210i)"]
|
1157
|
+
# params = {}
|
1152
1158
|
#
|
1153
|
-
#
|
1159
|
+
# permitted_scalar_filter(params, "zipcode")
|
1154
1160
|
#
|
1155
|
-
#
|
1161
|
+
# puts params.keys # => ["zipcode"]
|
1156
1162
|
def permitted_scalar_filter(params, permitted_key)
|
1157
1163
|
permitted_key = permitted_key.to_s
|
1158
1164
|
|
@@ -1247,77 +1253,76 @@ module ActionController
|
|
1247
1253
|
end
|
1248
1254
|
end
|
1249
1255
|
|
1250
|
-
#
|
1256
|
+
# # Strong Parameters
|
1251
1257
|
#
|
1252
|
-
# It provides an interface for protecting attributes from end-user
|
1253
|
-
#
|
1254
|
-
#
|
1255
|
-
# enumerated.
|
1258
|
+
# It provides an interface for protecting attributes from end-user assignment.
|
1259
|
+
# This makes Action Controller parameters forbidden to be used in Active Model
|
1260
|
+
# mass assignment until they have been explicitly enumerated.
|
1256
1261
|
#
|
1257
1262
|
# In addition, parameters can be marked as required and flow through a
|
1258
|
-
# predefined raise/rescue flow to end up as a
|
1259
|
-
# effort.
|
1260
|
-
#
|
1261
|
-
# class PeopleController < ActionController::Base
|
1262
|
-
# # Using "Person.create(params[:person])" would raise an
|
1263
|
-
# # ActiveModel::ForbiddenAttributesError exception because it'd
|
1264
|
-
# # be using mass assignment without an explicit permit step.
|
1265
|
-
# # This is the recommended form:
|
1266
|
-
# def create
|
1267
|
-
# Person.create(person_params)
|
1268
|
-
# end
|
1263
|
+
# predefined raise/rescue flow to end up as a `400 Bad Request` with no effort.
|
1269
1264
|
#
|
1270
|
-
#
|
1271
|
-
#
|
1272
|
-
#
|
1273
|
-
#
|
1274
|
-
#
|
1275
|
-
#
|
1276
|
-
#
|
1277
|
-
#
|
1278
|
-
# end
|
1265
|
+
# class PeopleController < ActionController::Base
|
1266
|
+
# # Using "Person.create(params[:person])" would raise an
|
1267
|
+
# # ActiveModel::ForbiddenAttributesError exception because it'd
|
1268
|
+
# # be using mass assignment without an explicit permit step.
|
1269
|
+
# # This is the recommended form:
|
1270
|
+
# def create
|
1271
|
+
# Person.create(person_params)
|
1272
|
+
# end
|
1279
1273
|
#
|
1280
|
-
#
|
1281
|
-
# #
|
1282
|
-
# #
|
1283
|
-
# #
|
1284
|
-
#
|
1285
|
-
#
|
1286
|
-
#
|
1274
|
+
# # This will pass with flying colors as long as there's a person key in the
|
1275
|
+
# # parameters, otherwise it'll raise an ActionController::ParameterMissing
|
1276
|
+
# # exception, which will get caught by ActionController::Base and turned
|
1277
|
+
# # into a 400 Bad Request reply.
|
1278
|
+
# def update
|
1279
|
+
# redirect_to current_account.people.find(params[:id]).tap { |person|
|
1280
|
+
# person.update!(person_params)
|
1281
|
+
# }
|
1287
1282
|
# end
|
1288
|
-
# end
|
1289
1283
|
#
|
1290
|
-
#
|
1291
|
-
#
|
1292
|
-
#
|
1284
|
+
# private
|
1285
|
+
# # Using a private method to encapsulate the permissible parameters is
|
1286
|
+
# # a good pattern since you'll be able to reuse the same permit
|
1287
|
+
# # list between create and update. Also, you can specialize this method
|
1288
|
+
# # with per-user checking of permissible attributes.
|
1289
|
+
# def person_params
|
1290
|
+
# params.require(:person).permit(:name, :age)
|
1291
|
+
# end
|
1292
|
+
# end
|
1293
1293
|
#
|
1294
|
-
#
|
1295
|
-
#
|
1296
|
-
#
|
1297
|
-
#
|
1294
|
+
# In order to use `accepts_nested_attributes_for` with Strong Parameters, you
|
1295
|
+
# will need to specify which nested attributes should be permitted. You might
|
1296
|
+
# want to allow `:id` and `:_destroy`, see ActiveRecord::NestedAttributes for
|
1297
|
+
# more information.
|
1298
1298
|
#
|
1299
|
-
#
|
1300
|
-
#
|
1301
|
-
#
|
1299
|
+
# class Person
|
1300
|
+
# has_many :pets
|
1301
|
+
# accepts_nested_attributes_for :pets
|
1302
1302
|
# end
|
1303
1303
|
#
|
1304
|
-
#
|
1304
|
+
# class PeopleController < ActionController::Base
|
1305
|
+
# def create
|
1306
|
+
# Person.create(person_params)
|
1307
|
+
# end
|
1305
1308
|
#
|
1306
|
-
#
|
1309
|
+
# ...
|
1307
1310
|
#
|
1308
|
-
#
|
1309
|
-
#
|
1310
|
-
#
|
1311
|
-
#
|
1312
|
-
#
|
1313
|
-
#
|
1314
|
-
#
|
1311
|
+
# private
|
1312
|
+
#
|
1313
|
+
# def person_params
|
1314
|
+
# # It's mandatory to specify the nested attributes that should be permitted.
|
1315
|
+
# # If you use `permit` with just the key that points to the nested attributes hash,
|
1316
|
+
# # it will return an empty hash.
|
1317
|
+
# params.require(:person).permit(:name, :age, pets_attributes: [ :id, :name, :category ])
|
1318
|
+
# end
|
1319
|
+
# end
|
1315
1320
|
#
|
1316
|
-
# See ActionController::Parameters.require and
|
1317
|
-
# for more information.
|
1321
|
+
# See ActionController::Parameters.require and
|
1322
|
+
# ActionController::Parameters.permit for more information.
|
1318
1323
|
module StrongParameters
|
1319
|
-
# Returns a new ActionController::Parameters object that
|
1320
|
-
#
|
1324
|
+
# Returns a new ActionController::Parameters object that has been instantiated
|
1325
|
+
# with the `request.parameters`.
|
1321
1326
|
def params
|
1322
1327
|
@_params ||= begin
|
1323
1328
|
context = {
|
@@ -1330,9 +1335,9 @@ module ActionController
|
|
1330
1335
|
end
|
1331
1336
|
end
|
1332
1337
|
|
1333
|
-
# Assigns the given
|
1334
|
-
#
|
1335
|
-
#
|
1338
|
+
# Assigns the given `value` to the `params` hash. If `value` is a Hash, this
|
1339
|
+
# will create an ActionController::Parameters object that has been instantiated
|
1340
|
+
# with the given `value` hash.
|
1336
1341
|
def params=(value)
|
1337
1342
|
@_params = value.is_a?(Hash) ? Parameters.new(value) : value
|
1338
1343
|
end
|