stackoom
  简体   繁体   中英

Dynamic / Regex params in ApplicationController

 原文  2021-04-22 12:38:01       ruby-on-rails/ strong-parameters/ applicationcontroller

Question

How to permit dynamic params in an AppicationController?

so all these parameters should permitted:

params = { "filter_color" => "blue,green", 
           "filter_size" => "xl,sm,lg", 
           "filter_type" => "new,old,used",
           "limit" => "10" }

But my approach only passes limit ,

def product_params
  params.permit(:limit, /filter_.*/)
end

1 answers

solution1
 0 ACCPTED  2021-04-22 13:32:18

The permit method only processes an incoming value if it's a Symbol, String, or Hash .

If you want to try to work around this you could do something like this:

filter_names = params.keys.select { |key| key[/\Afilter_.*/] }
params.permit(:limit, *filter_names)

But be aware that the point of Strong Parameters is to define an explicit set of allowed values to avoid security problems with mass-assigning user-provided values. As long as it's always safe to allow any user to pass in any kind of filter_* value, then you should be OK.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Dynamic constant assignment when using REGEX inside rails ApplicationController? Class variables with params values in ApplicationController dynamic urls in rails params passing dynamic params field Rails ApplicationController ApplicationController Functionality How to pass dynamic params in Rails? Dynamic fields params inside the controller Strong params not permit dynamic keys dynamic list of params to be permited in rails
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM