ActionController::Parameters
Action Controller Parameters
Allows to choose which attributes should be whitelisted for mass updating and thus prevent accidentally exposing that which shouldnât be exposed. Provides two methods for this purpose: #require and #permit. The former is used to mark parameters as required. The latter is used to set the parameter as permitted and limit which attributes should be allowed for mass updating.
params = ActionController::Parameters.new({ person: { name: 'Francesco', age: 22, role: 'admin' } }) permitted = params.require(:person).permit(:name, :age) permitted # => {"name"=>"Francesco", "age"=>22} permitted.class # => ActionController::Parameters permitted.permitted? # => true Person.first.update!(permitted) # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
It provides two options that controls the top-level behavior of new instances:
-
permit_all_parameters - If it’s true, all the parameters will be permitted by default. The default is false.
-
action_on_unpermitted_parameters - Allow to control the behavior when parameters that are not explicitly permitted are found. The values can be :log to write a message on the logger or :raise to raise ActionController::UnpermittedParameters exception. The default value is :log in test and development environments, false otherwise.
Examples:
params = ActionController::Parameters.new params.permitted? # => false ActionController::Parameters.permit_all_parameters = true params = ActionController::Parameters.new params.permitted? # => true params = ActionController::Parameters.new(a: "123", b: "456") params.permit(:c) # => {} ActionController::Parameters.action_on_unpermitted_parameters = :raise params = ActionController::Parameters.new(a: "123", b: "456") params.permit(:c) # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
ActionController::Parameters is inherited from ActiveSupport::HashWithIndifferentAccess, this means that you can fetch values using either :key or "key".
params = ActionController::Parameters.new(key: 'value') params[:key] # => "value" params["key"] # => "value"
Constants
EMPTY_ARRAY = []
NEVER_UNPERMITTED_PARAMS = %w( controller action )
PERMITTED_SCALAR_TYPES = [\nString,\nSymbol,\nNilClass,\nNumeric,\nTrueClass,\nFalseClass,\nDate,\nTime,\n# DateTimes are Dates, we document the type but avoid the redundant check.\nStringIO,\nIO,\nActionDispatch::Http::UploadedFile,\nRack::Test::UploadedFile,\n]
Files
- actionpack/lib/action_controller/metal/strong_parameters.rb
- []
- converted_arrays
- dup
- fetch
- permit
- permit!
- permitted?
- require
- required
- slice
- new
-
permitted= -
array_of_permitted_scalars? - array_of_permitted_scalars_filter
- convert_hashes_to_parameters
- convert_value_to_parameters
- each_element
- fields_for_style?
- hash_filter
- permitted_scalar?
- permitted_scalar_filter
- unpermitted_keys
- unpermitted_parameters!