[英]to_hash and strong_parameters for Rails 5.1 with an array of items
I have the following params declaration: 我有以下参数声明:
def line_item_params
params.require(:line_items).map do |p|
ActionController::Parameters.new(p.to_hash).permit(:quantity, :price, :menu_item_id)
end
end
but get the following error: 但出现以下错误:
Method to_hash is deprecated and will be removed in Rails 5.1, as
ActionController::Parameters
no longer inherits from hash. 方法to_hash已被弃用,并将在Rails 5.1中删除,因为ActionController::Parameters
不再继承自hash。 Using this deprecated behavior exposes potential security problems. 使用此不建议使用的行为会暴露潜在的安全问题。 If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. 如果继续使用此方法,则可能是在您的应用程序中创建了一个可以利用的安全漏洞。 Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.1/classes/ActionController/Parameters.html 相反,请考虑使用不推荐使用以下已记录方法之一: http : //api.rubyonrails.org/v5.0.1/classes/ActionController/Parameters.html
I am just posting an array of items. 我只是张贴一系列物品。 How should this be handled? 应该如何处理?
def line_item_params
# just to raise ActionController::ParameterMissing if key is missing
params.require(:line_items)
# this is the actual whitelist
params.permit(line_items: [:quantity, :price, :menu_item_id])
end
You can whitelist an array of objects by passing a hash option to .permit
with an array containing the keys to whitelist for the nested objects. 您可以通过将散列选项传递给.permit
并将数组包含嵌套对象的白名单的键,从而将对象数组列入白名单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.