search for: strong_parameters

Was going to have a variety of request params sent in and use a class_attribute that would define types of request parameters that are allowed. strong_parameters wouldn''t be too much trouble in such a case if it would allow me to manually permit some attributes (dynamically determined) in the controller but allow strong_parameters to enforce security of others. Is this something that has been discussed before that someone could point me to or...

...e to add :lock_version to forms wherever the model is used. You also have to "hack" around rails'' UJS feature to add it as a URL parameter when using remote: true, method: [:put, :patch, :post, :delete]. On the controller side in rails 4 (or if you''re just using the strong_parameters gem in 3.x) you have to remember to permit the :lock_version parameter wherever you''re using that model or it will just be silently ignored rendering the protection useless. It seems like this could all be handled in rails core by introspecting the form object and injecting the lock_v...

At the point of this section *http://ruby.railstutorial.org/chapters/sign-up#sec-signup_failure*<http://ruby.railstutorial.org/chapters/sign-up#sec-signup_failure> clicking the "Create my account" button on the signup form shows the following image at <http://ruby.railstutorial.org/images/figures/signup_failure_rails_4.png> According to the tutorial, I must modify

...t_name, :last_name, :degree, :accepting_new_patients, :specialty, :secondary_specialty, :c_v, :practice_ids) end then the form works correctly (so it''s not an HTML issue or anything basic like that) -- I am able to set and unset the practice ids. Can anyone suggest how I can keep the strong_parameters from Rails 4 but use habtm like this? Thanks, Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH...

I am assuming this an appropriate place to discuss this, but if it isn''t my apologies- just let me know. Just a Rails 4-ish thing. Am attempting to pull AMS (active_model_serializers), strong_parameters, and the "permitter" strategy that Adam Hawkins is using: http://broadcastingadam.com/2012/07/parameter_authorization_in_rails_apis/ Code so far is here (in the integrate-twinturbo_strategy_for_param_authr branch if you clone): https://github.com/garysweaver/restful_json/tree/integrate...

(I posted this as a bug in GitHub (https://github.com/rails/rails/issues/7018), but then someone there told me I should post it here, so here it is.) If you set attr_accessible on some properties in an ActiveRecord-descended class, and then attr_protected on others - the class becomes ''default-open'' - if any properties are missed or added later, they will be accessible by

...r: * RABL: provides an way to do json views (to replace sending options into as_json/to_json) does not handle incoming JSON to be persisted in a similar way. * ActiveModel::Serializers available now and coming in Rails 4 - similar to RABL in that it does not map incoming JSON to be persisted. * strong_parameters available now and coming in Rails 4 - keeps you from being able to accidentally persist something that the controller doesn''t specifically define, but does not define JSON view. * roar-rails - provides a way to specify both the JSON view and what is accepted, so we are attempting to int...