class

ActionController::Parameters

v8.0.0 - Superclass: ActiveSupport::HashWithIndifferentAccess

# Action Controller Parameters

Allows you to choose which attributes should be permitted for mass updating and thus prevent accidentally exposing that which shouldn’t be exposed.

Provides methods for filtering and requiring params:

  • `expect` to safely permit and require parameters in one step.

  • `permit` to filter params for mass assignment.

  • `require` to require a parameter or raise an error.

Examples:

```ruby
params = ActionController::Parameters.new({
  person: {
    name: "Francesco",
    age:  22,
    role: "admin"
  }
})

permitted = params.expect(person: [:name, :age])
permitted # => #<ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true>

Person.first.update!(permitted)
# => #<Person id: 1, name: "Francesco", age: 22, role: "user">
```

Parameters provides two options that control the top-level behavior of new instances:

  • `permit_all_parameters` - If it’s `true`, all the parameters will be permitted by default. The default is `false`.

  • `action_on_unpermitted_parameters` - Controls behavior when parameters that are not explicitly permitted are found. The default value is `:log` in test and development environments, `false` otherwise. The values can be:

    • `false` to take no action.

    • `:log` to emit an `ActiveSupport::Notifications.instrument` event on the `unpermitted_parameters.action_controller` topic and log at the DEBUG level.

    • `:raise` to raise an ActionController::UnpermittedParameters exception.

Examples:

```ruby
params = ActionController::Parameters.new
params.permitted? # => false

ActionController::Parameters.permit_all_parameters = true

params = ActionController::Parameters.new
params.permitted? # => true

params = ActionController::Parameters.new(a: "123", b: "456")
params.permit(:c)
# => #<ActionController::Parameters {} permitted: true>

ActionController::Parameters.action_on_unpermitted_parameters = :raise

params = ActionController::Parameters.new(a: "123", b: "456")
params.permit(:c)
# => ActionController::UnpermittedParameters: found unpermitted keys: a, b
```

Please note that these options *are not thread-safe*. In a multi-threaded environment they should only be set once at boot-time and never mutated at runtime.

You can fetch values of `ActionController::Parameters` using either `:key` or `"key"`.

```ruby
params = ActionController::Parameters.new(key: "value")
params[:key]  # => "value"
params["key"] # => "value"
```

Included modules

  • ActiveSupport::DeepMergeable

Constants

EMPTY_ARRAY = []

EMPTY_HASH = {}

```ruby
PERMITTED_SCALAR_TYPES = [
  String,
  Symbol,
  NilClass,
  Numeric,
  TrueClass,
  FalseClass,
  Date,
  Time,
  # DateTimes are Dates, we document the type but avoid the redundant check.
  StringIO,
  IO,
  ActionDispatch::Http::UploadedFile,
  Rack::Test::UploadedFile,
]
```

Attributes

[R]parameters
[W]permitted

Files

  • actionpack/lib/action_controller/metal/strong_parameters.rb