i have restful api (actioncontroller::api) service accepts list of params. restful service takes json body request (with content-type of application/json). when debug controller/action (right after action def) , take peak @ params list, appears follows:
<actioncontroller::parameters {"given_name"=>"mark", "subdomain"=>"development", "controller"=>"user", "action"=>"create", "user"=>{"given_name"=>"mark"}} permitted: false> edit request has in (when passed controller/action -- using postman):
{"given_name":"mark"} notice object contains given_name params twice. normal behavior? did not pass "user" object (json object) controller/action? permitted flag?
when try use (right i'm testing restful call , assigning values user object except... no validations have been programmed yet):
user = user.new(params) i error:
#<activemodel::forbiddenattributeserror: activemodel::forbiddenattributeserror> so, i've looked everywhere reasoning behind (why there "user" key in params list? purpose of permitted flag? why getting error when try assign params)?
edit
after doing testing, change controller name "user_controller" "tester_controller" , setup routes point renamed controller.
it seems "user" object in params list above has changed "tester". why param list contain "object" passed params name of controller? if that's case, why needed?
any appreciated.
you need specify attributes acceptable mass-assignment in controller.
def create @user = user.new(params.require(:user).permit(:given_name)) end this prevents malicious users making request posts alter attributes internal application, role in case of user object.
as mentioned above, better explanation can found in guide referring strong parameters.
Comments
Post a Comment