search for: strong_parameters

Displaying 7 results from an estimated 7 matches for "strong_parameters".

2012 Oct 03
1
Is there planned support for permitting params one at a time vs. all at once in strong_parameters/Rails 4?
Was going to have a variety of request params sent in and use a class_attribute that would define types of request parameters that are allowed. strong_parameters wouldn't be too much trouble in such a case if it would allow me to manually permit some attributes (dynamically determined) in the controller but allow strong_parameters to enforce security of others. Is this something that has been discussed before that someone could point me to or...
2013 Feb 25
7
Optimistic Locking Enhancements: Gem or Core?
...e to add :lock_version to forms wherever the model is used. You also have to "hack" around rails' UJS feature to add it as a URL parameter when using remote: true, method: [:put, :patch, :post, :delete]. On the controller side in rails 4 (or if you're just using the strong_parameters gem in 3.x) you have to remember to permit the :lock_version parameter wherever you're using that model or it will just be silently ignored rendering the protection useless. It seems like this could all be handled in rails core by introspecting the form object and injecting the lock_v...
2013 Oct 21
6
I think I've found a mistake in Rails tutorial
At the point of this section <http://ruby.railstutorial.org/chapters/sign-up#sec-signup_failure> clicking the "Create my account" button on the signup form shows the following image at <http://ruby.railstutorial.org/images/figures/signup_failure_rails_4.png> According to the tutorial, I must modify
2013 Oct 23
3
Rails 4 and HABTM Checkboxes: Unpermitted parameters error
...t_name, :last_name, :degree, :accepting_new_patients, :specialty, :secondary_specialty, :c_v, :practice_ids) end then the form works correctly (so it's not an HTML issue or anything basic like that) -- I am able to set and unset the practice ids. Can anyone suggest how I can keep the strong_parameters from Rails 4 but use habtm like this? Thanks, Walter
2012 Oct 01
1
active_model_serializers, more than one level deep of associations, specifying serializers per association
I am assuming this is an appropriate place to discuss this, but if it isn't my apologies- just let me know. Just a Rails 4-ish thing. Am attempting to pull AMS (active_model_serializers), strong_parameters, and the "permitter" strategy that Adam Hawkins is using: http://broadcastingadam.com/2012/07/parameter_authorization_in_rails_apis/ Code so far is here (in the integrate-twinturbo_strategy_for_param_authr branch if you clone): https://github.com/garysweaver/restful_json/tree/integrate...
2012 Jul 09
10
attr_accessible on some properties + attr_protected on others makes class 'open-by-default'
(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes 'default-open' - if any properties are missed or added later, they will be accessible by
2012 Sep 18
4
"best practices" for Rails serving RESTful JSON services for use by AngularJS, Ember.js, etc.
...r: * RABL: provides a way to do json views (to replace sending options into as_json/to_json) does not handle incoming JSON to be persisted in a similar way. * ActiveModel::Serializers available now and coming in Rails 4 - similar to RABL in that it does not map incoming JSON to be persisted. * strong_parameters available now and coming in Rails 4 - keeps you from being able to accidentally persist something that the controller doesn't specifically define, but does not define JSON view. * roar-rails - provides a way to specify both the JSON view and what is accepted, so we are attempting to int...