Rails 4 Unpermitted Parameters for Array

J

6

64

I have an array field in my model and I'm attempting to update it.

My strong parameter method is below

def post_params
  params["post"]["categories"] = params["post"]["categories"].split(",")

  params.require(:post).permit(:name, :email, :categories)
end

My action in my controller is as follows

def update
  post = Post.find(params[:id]

  if post and post.update_attributes(post_params)
    redirect_to root_url
  else
    redirect_to posts_url
  end
end

However, whenever I submit the update the post, in my development log I see

Unpermitted parameters: categories

The parameters passed through is

  Parameters: {"utf8"=>"✓", "authenticity_token"=>"auth token", "id"=>"10", 

"post"=>{"name"=>"Toni Mitchell", "email"=>"[email protected]", "categories"=>",2"}}

I want to think it has something to do with the fact that the attribute categories is an array since everything else looks fine. Then again, I could be wrong. So, what's wrong with my code and why is not letting me save the categories field when clearly it is permitted to do so? Thanks.

Judijudicable answered 25/7, 2013 at 21:6 Comment(1)

It might be due to the way you are setting the value of the categories parameter, iirc the params object is not a simple hash, have you tried a simpler example? – Devisee 25/7, 2013 at 21:35

D

154

Try this

params.require(:post).permit(:name, :email, :categories => [])

(Disregard my comment, I don't think that matters)

Devisee answered 25/7, 2013 at 21:45 Comment(3)

hi,i have a problem Bid(#69846105528920) expected, got String(#8248680) – Lieu 28/11, 2014 at 16:36

Hi there, is there a way to find a post depending on the categories in the array, example Post.find_by(tags: 'sports') ? – Protozoal 6/7, 2015 at 21:20

It would be nice to also explain why this works @slicedpan – Babin 31/10, 2015 at 8:11

S

46

in rails 4, that would be,

params.require(:post).permit(:name, :email, {:categories => []})

Syncopate answered 3/10, 2013 at 4:24 Comment(1)

This works for me but why does it need to be in a separate hash if we already defined the serialization of that attribute in the model? – Rodarte 5/6, 2014 at 1:3

S

10

The permitted scalar types are String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile and Rack::Test::UploadedFile.

To declare that the value in params must be an array of permitted scalar values map the key to an empty array:

params.permit(:id => [])

This is what the strong parameters documentation on Github says:

params.require(:post).permit(:name, :email, :categories => [])

I hope this works out for you.

Stollings answered 25/7, 2013 at 21:53 Comment(0)

A

3

I had the same problem, but simply adding array to permit was not enough. I had to add type, too. This way:

params.require(:transaction).permit(:name, :tag_ids => [:id])

I am not sure if this is perfect solution, but after that, the 'Unpermitted parameters' log disappeared.

I found hint for that solution from this excellent post: http://patshaughnessy.net/2014/6/16/a-rule-of-thumb-for-strong-parameters

Allometry answered 18/7, 2015 at 8:36 Comment(0)

A

2

If there are multiple items and item_array inside parameters like this-

Parameters {"item_1"=>"value 1", "item_2"=> {"key_1"=> "value A1", 
"key_2"=>["val B2", "val C3"]} }

There we have array inside item_2.
That can be permit as below-

params.permit(item_2: [:key_1, :key_2 => [] ])

Above saved my day, may be helpful for you too.

Aleksandrovsk answered 21/10, 2021 at 11:13 Comment(0)

L

1

I had the same problem but in my case I had also to change from:

<input type="checkbox" name="photographer[attending]" value="Baku">

to:

<input type="checkbox" name="photographer[attending][]" value="Baku">

Hope this is helping someone.

Loris answered 16/4, 2015 at 18:24 Comment(0)

Recommended topics

Hot tags