Displaying 7 results from an estimated 7 matches for "strong_parameters".
2012 Oct 03
1
Is there planned support for permitting params one at a time vs. all at once in strong_parameters/Rails 4?
Was going to have a variety of request params sent in and use a
class_attribute that would define types of request parameters that are
allowed. strong_parameters wouldn''t be too much trouble in such a case if
it would allow me to manually permit some attributes (dynamically
determined) in the controller but allow strong_parameters to enforce
security of others.
Is this something that has been discussed before that someone could point
me to or...
2013 Feb 25
7
Optimistic Locking Enhancements: Gem or Core?
...e to add :lock_version to forms wherever the model is used. You also
have to "hack" around rails'' UJS feature to add it as a URL parameter when
using remote: true, method: [:put, :patch, :post, :delete]. On the
controller side in rails 4 (or if you''re just using the strong_parameters
gem in 3.x) you have to remember to permit the :lock_version parameter
wherever you''re using that model or it will just be silently ignored
rendering the protection useless.
It seems like this could all be handled in rails core by introspecting the
form object and injecting the lock_v...
2013 Oct 21
6
I think I've found a mistake in Rails tutorial
At the point of this section
*http://ruby.railstutorial.org/chapters/sign-up#sec-signup_failure*<http://ruby.railstutorial.org/chapters/sign-up#sec-signup_failure>
clicking the "Create my account" button on the signup form shows the
following image at
<http://ruby.railstutorial.org/images/figures/signup_failure_rails_4.png>
According to the tutorial, I must modify
2013 Oct 23
3
Rails 4 and HABTM Checkboxes: Unpermitted parameters error
...t_name, :last_name, :degree, :accepting_new_patients, :specialty, :secondary_specialty, :c_v, :practice_ids)
end
then the form works correctly (so it''s not an HTML issue or anything basic like that) -- I am able to set and unset the practice ids.
Can anyone suggest how I can keep the strong_parameters from Rails 4 but use habtm like this?
Thanks,
Walter
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH...
2012 Oct 01
1
active_model_serializers, more than one level deep of associations, specifying serializers per association
I am assuming this an appropriate place to discuss this, but if it isn''t my
apologies- just let me know. Just a Rails 4-ish thing.
Am attempting to pull AMS (active_model_serializers), strong_parameters,
and the "permitter" strategy that Adam Hawkins is using:
http://broadcastingadam.com/2012/07/parameter_authorization_in_rails_apis/
Code so far is here (in the integrate-twinturbo_strategy_for_param_authr
branch if you clone):
https://github.com/garysweaver/restful_json/tree/integrate...
2012 Jul 09
10
attr_accessible on some properties + attr_protected on others makes class 'open-by-default'
(I posted this as a bug in GitHub
(https://github.com/rails/rails/issues/7018), but then someone there told
me I should post it here, so here it is.)
If you set attr_accessible on some properties in an ActiveRecord-descended
class, and then attr_protected on others - the class becomes ''default-open''
- if any properties are missed or added later, they will be accessible by
2012 Sep 18
4
"best practices" for Rails serving RESTful JSON services for use by AngularJS, Ember.js, etc.
...r:
* RABL: provides an way to do json views (to replace sending options into
as_json/to_json) does not handle incoming JSON to be persisted in a similar
way.
* ActiveModel::Serializers available now and coming in Rails 4 - similar to
RABL in that it does not map incoming JSON to be persisted.
* strong_parameters available now and coming in Rails 4 - keeps you from
being able to accidentally persist something that the controller doesn''t
specifically define, but does not define JSON view.
* roar-rails - provides a way to specify both the JSON view and what is
accepted, so we are attempting to int...