rails 4 strong parameters still unpermitted - ruby-on-rails-4

i have an issue with strong parameters in Rails 4, basically I have this params coming
Parameters: {"user_id"=>"1", "attends"=>[{"survey_id"=>15, "question_id"=>67, "anwser_id"=>196}, {"survey_id"=>15, "question_id"=>68, "anwser_id"=>200}, {"survey_id"=>15, "question_id"=>69, "anwser_id"=>202}, {"survey_id"=>15, "question_id"=>70, "anwser_id"=>205}, {"survey_id"=>15, "question_id"=>71, "anwser_id"=>208}], "attend"=>{}}
and in my controller i have
private
def attend_params
params.permit(:user_id, :format, :attend, :attends, {:attends => []})
end
but i still get this error
Unpermitted parameters: attends, attend
attend_params is called in my controller by this way, no much more, the data passed at th method create via POST are submitted by an external app. there is no view for it.
def create
logger.info "\n attend_params #{attend_params}\n"
end
any hint?
thank you

Try this
params.permit(:user_id, :format,
attend: {} ,
attends: [ :survey_id, :question_id, :anwser_id ])
UPDATE
As you can see in the screenshot attached, I create a request which results in the same set of parameters. I intentionally add a user param which is not permitted and you can see that user parameter is rejected, other parameters go through. Are you sure you have provided the correct parameters?

Related

Redirecting a request in a routing constraint

I have Sidekiq mounted in my routes file to the /sidekiq endpoint.
I use a constraints option to have it call an external class for validation as a way of preventing non-privelaged users from accessing that endpoint.
# config/routes.rb
mount Sidekiq::Web => "/sidekiq", constraints: Sidekiq::AdminConstraint.new
# lib/sidekiq/admin_constraint.rb
module Sidekiq
class AdminConstraint
def matches?(request)
return false unless request.session[:user_id]
user = User.find_by_id(request.session[:user_id])
user && Ability.new(user).can?(:manage, :sidekiq)
end
end
end
This setup works great. However, it only lets me return true / false on whether the request should go through or not. It does not let me -
Set a flash message (e.g. "You are not permitted to access that page") and
Redirect to some arbitrary page
In that sense, I'm looking for it to behave more like a controller's before_filter.
Is there a way I can modify the request object that's passed in to implement that redirect?
Thanks!
I don't have idea directly set the flash messages, But we can use in different way.
Use the following solution
In your routes.rb, add the following line in the end of the file
match "*path", :to => "application#error_404"
This basically means, any path that is not defined in your route will end up going to error_404 in application_controller. Its very important to put this at the end of your file
And in your ApplicationController, add
def error_404
redirect_to root_path
end
Thanks

Cancancan check submitted parameter

How do I get cancancan to check an parameter to see if the user can update?
Controller gets:
Parameters: {"offer"=>{"revoked"=>"1", "user_id"=>"14"}, "id"=>"53"}
ability.rb:
can :update, Controller, :user_id => user.id
cannot :update, Controller, { :revoked => nil }
controller code:
#offer.update(params)
This is giving me a Cancancan error saying that the user is not authorized. I think I need to specify that :revoked is inside the offer hash, but I can't figure out the correct code for that.
How to change what the Ability class can access:
https://github.com/ryanb/cancan/wiki/Accessing-Request-Data
Or how to pass params into the Ability class more specifically for your purposes:
https://stackoverflow.com/a/9472881/4880924
# CanCan - pass params in to Ability
# https://github.com/ryanb/cancan/issues/133
def current_ability
#current_ability ||= Ability.new(current_user, params)
end
Then it's a matter of simply accessing the relevant part of the params and checking whether it passes.

Rails controllers, rendering view from different controller, saving form inputs and error messages

Two controllers: Users and Tasks.
Main page for Users = Users/user_id.
Form on main page used to input data into tasks model.
This process handled by the Tasks Controller.
Successful input: redirect and load tasks from database, OK, all working.
Unsuccessful input, just need to refresh main page so we keep form input and specialised (non-flash) error messages
I can't seem to get the Tasks Controller to deliver the original page. Error is Missing template users/1(which is the correct syntax if I were to visit in my browser).
Should I be calling an action and passing params? Any help for this beginner would be really appreciated.
def create
#task = current_user.tasks.build(task_params)
if #task.save
flash[:success] = "New task created!"
redirect_to user_url(current_user)
else
flash[:error] = "Task not saved! Please see guidance by form labels"
render "users/#{current_user.id}"
end
end
private
def task_params
params.require(:task).permit(:label, :address, :content)
end
end
users/1 is not a template, it's a path. users/show is the template in this case.
mind that the only reason to use render is to render a template in the scope of your current controller action rather than the normal one.
i.e. you probably need to have #user etc set, or the users/show template will be upset about missing variables.
In this case it might be easier just to redirect_to user_path(id) and allow the users/#show controller action set up the #user variable etc.

param is missing or the value is empty: holiday

Hi guys new to ruby on rails, having this problem when i try to create new holiday records for a particular profile . it says error:
param is missing or the value is empty: holiday.
# Never trust parameters from the scary internet, only allow the white list through.
def holiday_params
params.require(:holiday).permit(:details, :Profile_id)
end
end
profile params:
private
# Use callbacks to share common setup or constraints between actions.
def set_profile
#profile = Profile.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def profile_params
params.require(:profile).permit(:firstname, :lastname, :work_email, :phone, :employment_type, :employment_start_date, :linkedin_profile, :nationality, :date_of_birth, :notes)
end
end
Ensure that params[:holiday] exists for whatever path you are calling for the Holiday controller.
See: param is missing or the value is empty: user rails 4

Rails 4 not passing permitted parameters

Apologies for posting what seems to be an oft-asked question but I have toiled for two days without getting closer.
I am running Rails 4.0.1 (with Devise, CanCan, among others) and have user and role models with a HABTM users_roles table (as created by the since-removed rolify).
class Role < ActiveRecord::Base
has_and_belongs_to_many :users, :join_table => :users_roles
belongs_to :resource, :polymorphic => true
attr_reader :user_tokens
def user_tokens=(ids)
self.user_ids = ids.split(",")
end
end
My submitted form data is:
"role"=>{"name"=>"disabled", "resource_id"=>"", "resource_type"=>"Phone", "user_tokens"=>["", "3"]}
(Not sure where the empty string comes from; it's not in the option list, but hey, welcome to Rails).
My problem is with getting the user_tokens data passed into the appropriate variable in the controller.
There are lots of postings suggesting the correct format (e.g., how to permit an array with strong parameters)
If I specify the permitted parameters thus:
params.require(:role).permit(:name, :resource_id, :resource_type, :user_tokens => [] )
I get a '500 Internal server error' with no other details.
If I specify the permit as
params.require(:role).permit(:name, :resource_id, :resource_type, user_tokens: [] )
I don't get any errors (No unpermitted parameters in the dev log) but the user_tokens array is not passed through in the #role.
If I run this scenario through a console I get:
params = ActionController::Parameters.new(:role => {:resource_id => "", :resource_type => "Phone", :user_tokens => ["", "3"]})
params.require(:role).permit(:name, :resource_id, :resource_type, user_tokens: [] )
=> {"resource_id"=>"", "resource_type"=>"Phone", "user_tokens"=>["", "3"]}
params.require(:role).permit(:user_tokens).permitted?
Unpermitted parameters: resource_id, resource_type, user_tokens
=> true
I'm stuck as to where I should try looking next.
Even though I was sure I had already tried it, changing the model to be
def user_tokens=(ids)
self.user_ids = ids
end
fixed it. I've always struggled to understand this bit of notation except when I've spent 4 days trying why my many:many models don't work.
I guess it'd be easier if I was doing this full time rather than just for particular sysadmin projects.