Rails: What does calling ActionController::Parameters#permit() achieve when not using the object returned by it?
I understand that calling params.permit(:foo) creates a new ActionController::Parameters instance with :foo whitelisted so that you can instantiate a model with it. But why does the following code in the Discourse CMS call it without using its return value?
discourse/app/controllers/drafts_controller.rb (GitHub):
class DraftsController < ApplicationController
  # [...]
  def index
    # [...]
    params.permit(:offset)
    params.permit(:limit)
    # [...]
    opts = {
      # [...]
      offset: params[:offset],
      limit: params[:limit]
    }
    stream = Draft.stream(opts)
    # [...]
  end
end
This does look confusing, I agree.
Judging from the implementation of #permit and the documentation of ActionController::Params, this can behave differently depending on the config action_on_unpermitted_parameters, which accepts :log and :raise as values and is nil by default.
When action_on_unpermitted_parameters = nil:
Calling params.permit(:foo) will return a new ActionController::Parameters instance marked as permitted with just that key.
If you're not using the return value, this call makes little sense as there's no side effect. The receiver is not mutated.
When action_on_unpermitted_parameters = :log:
This behaves the same as above, but has the side effect of logging all not permitted keys:
irb> ActionController::Parameters.action_on_unpermitted_parameters = :log
=> :log
irb> params = ActionController::Parameters.new(username: 'john', offset: 5, bogus: 'foo')
=> <ActionController::Parameters {"username"=>"john", "offset"=>5, "bogus"=>"foo"} permitted: false>
irb> params.require(:username)
=> "john"
irb> params.permit(:offset)
Unpermitted parameters: :username, :bogus
=> <ActionController::Parameters {"offset"=>5} permitted: true>
irb> params.permit(:limit)
Unpermitted parameters: :username, :offset, :bogus
=> <ActionController::Parameters {} permitted: true>
As you can see, for each permit call, you'd get different logs. Thus, this would only make sense if the code in that controller would include all permitted (and required) parameters:
irb> params.permit(:username, :offset, :limit)
Unpermitted parameter: :bogus
=> <ActionController::Parameters {"username"=>"john", "offset"=>5} permitted: true>
When action_on_unpermitted_parameters = :raise:
The effect here is that it raises when the params contain keys that are not allowed. Similar to :log, this also only would make sense when all permitted (and required) keys are specified:
irb> ActionController::Parameters.action_on_unpermitted_parameters = :raise
=> :raise
irb> params = ActionController::Parameters.new(username: 'john', offset: 5, bogus: 'foo')
=> <ActionController::Parameters {"username"=>"john", "offset"=>5, "bogus"=>"foo"} permitted: false>
irb> params.require(:username)
=> "john"
irb> params.permit(:offset)
Traceback (most recent call last):
1: from (irb):19
ActionController::UnpermittedParameters (found unpermitted parameters: :username, :bogus)
irb> params.permit(:limit)
Traceback (most recent call last):
2: from (irb):20
1: from (irb):20:in `rescue in irb_binding'
ActionController::UnpermittedParameters (found unpermitted parameters: :username, :offset, :bogus)
Contrast that to including all keys:
irb> params.permit(:username, :offset, :limit)
Traceback (most recent call last):
2: from (irb):21
1: from (irb):21:in `rescue in irb_binding'
ActionController::UnpermittedParameters (found unpermitted parameter: :bogus)
Having said that, I couldn't find any occurrence of action_on_unpermitted_parameters in Discourse's codebase. Thus, the value is nil and therefore I conclude that #permit in that controller action has no effect in terms of functionality.
It could be there as a convention serving as documentation where first all required parameters are listed and then all optional ones.
Digging deeper, these #permit calls were introduced in this commit when it was still a separate gem called strong_parameters. The behavior of #permit in that gem was the same as today. This makes me think that the author of that commit misunderstood the API of strong_parameters.