Rails:当不使用它返回的对象时,调用 ActionController::Parameters#permit() 会实现什么?
[英]Rails: What does calling ActionController::Parameters#permit() achieve when not using the object returned by it?
问题描述
I understand that calling params.permit(:foo) creates a new ActionController::Parameters instance with :foo whitelisted so that you can instantiate a model with it. 
我知道调用params.permit(:foo)会创建一个新的ActionController::Parameters实例,并将:foo列入白名单,以便您可以使用它实例化模型。 But why does the following code in the Discourse CMS call it without using its return value?但是为什么 Discourse CMS 中的以下代码调用它而不使用它的返回值呢?
discourse/app/controllers/drafts_controller.rb : Github discourse/app/controllers/drafts_controller.rb : Github上
class DraftsController < ApplicationController
# [...]
def index
# [...]
params.permit(:offset)
params.permit(:limit)
# [...]
opts = {
# [...]
offset: params[:offset],
limit: params[:limit]
}
stream = Draft.stream(opts)
1 个解决方案
解决方案1
6 已采纳 2019-12-21 09:39:22
This does look confusing, I agree.这看起来确实令人困惑,我同意。
Judging from the implementation of #permit and the documentation of ActionController::Params , this can behave differently depending on the config action_on_unpermitted_parameters , which accepts :log and :raise as values and is nil by default.从#permit的实现和ActionController::Params的文档来看,这可能会根据配置action_on_unpermitted_parameters不同表现不同,它接受:log和:raise作为值,默认情况下nil 。
When action_on_unpermitted_parameters = nil :当action_on_unpermitted_parameters = nil :
Calling params.permit(:foo) will return a new ActionController::Parameters instance marked as permitted with just that key.调用params.permit(:foo)将返回一个新的ActionController::Parameters实例,该实例仅使用该键标记为允许。
If you're not using the return value, this call makes little sense as there's no side effect.如果您不使用返回值,则此调用没有任何意义,因为没有副作用。 The receiver is not mutated.接收器没有变异。
When action_on_unpermitted_parameters = :log :当action_on_unpermitted_parameters = :log :
This behaves the same as above, but has the side effect of logging all not permitted keys:这与上面的行为相同,但具有记录所有不允许的键的副作用:
irb> ActionController::Parameters.action_on_unpermitted_parameters = :log
=> :log
irb> params = ActionController::Parameters.new(username: 'john', offset: 5, bogus: 'foo')
=> <ActionController::Parameters {"username"=>"john", "offset"=>5, "bogus"=>"foo"} permitted: false>
irb> params.require(:username)
=> "john"
irb> params.permit(:offset)
Unpermitted parameters: :username, :bogus
=> <ActionController::Parameters {"offset"=>5} permitted: true>
irb> params.permit(:limit)
Unpermitted parameters: :username, :offset, :bogus
=> <ActionController::Parameters {} permitted: true>
As you can see, for each permit call, you'd get different logs.如您所见,对于每个permit调用,您会得到不同的日志。 Thus, this would only make sense if the code in that controller would include all permitted (and required) parameters:因此,这只有在该控制器中的代码包含所有允许(和必需)参数时才有意义:
irb> params.permit(:username, :offset, :limit)
Unpermitted parameter: :bogus
=> <ActionController::Parameters {"username"=>"john", "offset"=>5} permitted: true>
When action_on_unpermitted_parameters = :raise :当action_on_unpermitted_parameters = :raise :
The effect here is that it raises when the params contain keys that are not allowed.这里的效果是当参数包含不允许的键时它会引发。 Similar to :log , this also only would make sense when all permitted (and required) keys are specified:与:log类似,这也只有在指定了所有允许(和必需)的键时才有意义:
irb> ActionController::Parameters.action_on_unpermitted_parameters = :raise
=> :raise
irb> params = ActionController::Parameters.new(username: 'john', offset: 5, bogus: 'foo')
=> <ActionController::Parameters {"username"=>"john", "offset"=>5, "bogus"=>"foo"} permitted: false>
irb> params.require(:username)
=> "john"
irb> params.permit(:offset)
Traceback (most recent call last):
1: from (irb):19
ActionController::UnpermittedParameters (found unpermitted parameters: :username, :bogus)
irb> params.permit(:limit)
Traceback (most recent call last):
2: from (irb):20
1: from (irb):20:in `rescue in irb_binding'
ActionController::UnpermittedParameters (found unpermitted parameters: :username, :offset, :bogus)
Contrast that to including all keys:相比之下,包括所有键:
irb> params.permit(:username, :offset, :limit)
Traceback (most recent call last):
2: from (irb):21
1: from (irb):21:in `rescue in irb_binding'
ActionController::UnpermittedParameters (found unpermitted parameter: :bogus)
Having said that, I couldn't find any occurrence of action_on_unpermitted_parameters in Discourse's codebase.话虽如此,我在 Discourse 的代码库中找不到任何action_on_unpermitted_parameters 。 Thus, the value is nil and therefore I conclude that #permit in that controller action has no effect in terms of functionality.因此,该值为nil ,因此我得出结论,该控制器操作中的#permit对功能没有影响。
It could be there as a convention serving as documentation where first all required parameters are listed and then all optional ones.它可以作为一个约定作为文档,首先列出所有必需的参数,然后列出所有可选的参数。
Digging deeper, these #permit calls were introduced in this commit when it was still a separate gem called strong_parameters .深入挖掘,这些#permit调用是在此提交中引入的,当时它仍然是一个名为strong_parameters的单独 gem。 The behavior of #permit in that gem was the same as today.该 gem 中#permit的行为与今天相同。 This makes me think that the author of that commit misunderstood the API of strong_parameters .这让我觉得那个提交的作者误解了strong_parameters的 API。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.