class ActionController::Parameters
def permit(*filters)
params.permit(person: { '0': [:email], '1': [:phone]}).to_h
})
}
},
phone: "555-6789"
email: "nothing@test.com",
'1': {
},
phone: "555-1234"
email: "none@test.com",
'0': {
person: {
params = ActionController::Parameters.new({
If you want to specify what keys you want from each numeric key, you can instead specify each one individually
# => {"person"=>{"0"=>{"email"=>"none@test.com"}, "1"=>{"email"=>"nothing@test.com"}}}
params.permit(person: [:email]).to_h
})
}
},
phone: "555-6789"
email: "nothing@test.com",
'1': {
},
phone: "555-1234"
email: "none@test.com",
'0': {
person: {
params = ActionController::Parameters.new({
you can permit each set of parameters under the numeric key to be the same using the same syntax as permitting a single item.
If your parameters specify multiple parameters indexed by a number,
# => #
params.require(:person).permit(contact: [ :email, :phone ])
# => #
params.require(:person).permit(contact: :phone)
# => #
params.require(:person).permit(:contact)
})
}
}
phone: "555-1234"
email: "none@test.com",
contact: {
person: {
params = ActionController::Parameters.new({
attributes inside the hash should be permitted.
it won't allow all the hash. You also need to specify which
Note that if you use +permit+ in a key that points to a hash,
permitted[:person][:pets][0][:category] # => nil
permitted[:person][:pets][0][:name] # => "Purplish"
permitted[:person][:age] # => nil
permitted[:person][:name] # => "Francesco"
permitted.permitted? # => true
permitted = params.permit(person: [ :name, { pets: :name } ])
})
}
}]
category: "dogs"
name: "Purplish",
pets: [{
age: 22,
name: "Francesco",
person: {
params = ActionController::Parameters.new({
You can also use +permit+ on nested parameters, like:
scalars and filters out anything else.
case, +permit+ ensures values in the returned structure are permitted
Be careful because this opens the door to arbitrary input. In this
params.permit(preferences: {})
a hash parameter or its internal structure. Just map to an empty hash:
Sometimes it is not possible or convenient to declare the valid keys of
params.permit(tags: [])
params = ActionController::Parameters.new(tags: ["rails", "parameters"])
by mapping it to an empty array:
You may declare that the parameter should be an array of permitted scalars
Otherwise, the key +:name+ is filtered out.
ActionDispatch::Http::UploadedFile or +Rack::Test::UploadedFile+.
+Date+, +Time+, +DateTime+, +StringIO+, +IO+,
+String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+,
+:name+ passes if it is a key of +params+ whose associated value is of type
params.permit(:name)
Only permitted scalars pass the filter. For example, given
permitted.has_key?(:role) # => false
permitted.has_key?(:age) # => true
permitted.has_key?(:name) # => true
permitted.permitted? # => true
permitted = params.require(:user).permit(:name, :age)
params = ActionController::Parameters.new(user: { name: "Francesco", age: 22, role: "admin" })
should be allowed for mass updating.
for the object to +true+. This is useful for limiting which attributes
includes only the given +filters+ and sets the +permitted+ attribute
Returns a new +ActionController::Parameters+ instance that
def permit(*filters) params = self.class.new filters.flatten.each do |filter| case filter when Symbol, String permitted_scalar_filter(params, filter) when Hash hash_filter(params, filter) end end unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters params.permit! end